5737 matches found
CVE-2020-9090
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product...
CVE-2020-9090
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product...
CVE-2020-9090
The CVE-2020-9090 issue affects Huawei FusionAccess 6.5.1, where an improper authorization vulnerability allows a command to run with incorrect privileges. The root cause is a mis-authorization of commands, enabling attackers with different privileges to exploit the flaw and potentially disrupt n...
Johnson Controls Sensormatic Electronics American Dynamics victor Web Client and Software House C•CURE Web Client (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit Vendor : Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment : American Dynamics victor Web Client Vulnerability : Improper Authorization 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-1748
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secur...
CVE-2020-7530
CVE-2020-7530 affects SCADAPack 7x Remote Connect ≤ 3.6.3.574, with a CWE-285 improper authorization flaw that enables access to executable code folders. Root cause: insufficient/authentication weakness in the authorization mechanism. Consequence: potential unauthorized access to folders containi...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-1748
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secur...
GitLab Improper Authorization Vulnerability (CNVD-2020-52425)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An improper authorization vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...
GHSA-V6C5-HWQG-3X5Q Improper Authorization in passport-cognito
All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may receive...
Improper Authorization in passport-cognito
All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may receive...
Improper Authorization in @sap-cloud-sdk/core
Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...