Missing Authorization

Django is vulnerable to Missing Authorization. The vulnerability is due to missing validation of add permissions for inline model instances in GenericInlineModelAdmin, which allows an attacker to submit forged POST data and create unauthorized objects...

CVE-2024-5759

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...

CVE-2024-5759 Improper privilege management

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...

CVE-2024-5759

CVE-2024-5759 affects Tenable Security Center. It is an improper privilege management vulnerability where an authenticated, remote attacker could view unauthorized objects and initiate scans without the required privileges. The issue is addressed in Security Center 6.4.0 (upgrade to 6.4.0 or late...

Tenable Security Center Security Breach

Tenable Security Center is a security center from Tenable USA. A security vulnerability exists in Tenable Security Center versions prior to 6.4.0 that originates from a vulnerability that allows an authenticated, remote attacker to view unauthorized objects and initiate scans without the required...

PT-2024-37126 · Tenable · Tenable Security Center

Name of the Vulnerable Software and Affected Versions: Tenable Security Center affected versions not specified Description: An improper privilege management issue exists, allowing an authenticated, remote attacker to view unauthorized objects and launch scans without the required privileges...

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability exists because the number of objects returned with the ListObjects API are non-deterministic which allows an attacker to access unauthorized objects if the model contains expressions of type rel1 from type1...

CVE-2023-35998

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

Authorization

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...