CVE-2023-35998

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Related Vulnerabilities

CVE-2018-2419

MEDIUM
CVSS:4.6(Medium)

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user...

CWE-8622018

CVE-2020-13626

MEDIUM
CVSS:4.6(Medium)

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

CWE-8622020

CVE-2020-36715

MEDIUM
CVSS:4.6(Medium)

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible fo...

CWE-8622020

CVE-2021-1835

MEDIUM
CVSS:4.6(Medium)

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen.

CWE-8622021

CVE-2021-27609

MEDIUM
CVSS:4.6(Medium)

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP Ea...

CWE-8622021

CVE-2023-20064

MEDIUM
CVSS:4.6(Medium)

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using...

CWE-8622023