An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing un...

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 1585...

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using at...

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not...

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authoriza...