映射到 CWE-285 的搜索结果 (45)

CVE-2018-1258(发布:2018-05-11 16:29:00)NMS
CVSS6.5

[原文]Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVE-2018-1278(发布:2018-05-11 16:29:00)NMS
CVSS4.3

[原文]Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.

CVE-2018-1389(发布:2018-04-30 10:29:00)NMS
CVSS4.0

[原文]IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

CVE-2013-7245(发布:2018-04-24 16:29:00)NM
CVSS5.0

[原文]The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.

CVE-2018-7245(发布:2018-04-18 16:29:00)NM
CVSS6.4

[原文]An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.

CVE-2017-1766(发布:2018-03-30 12:29:00)NMPS
CVSS4.0

[原文]Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

12345678下一页尾页 第1页 / 共8页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站