Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-8777

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 May, 2019 | 19:06
Updated At-05 Aug, 2024 | 16:48
Rejected At-
Credits

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 May, 2019 | 19:06
Updated At:05 Aug, 2024 | 16:48
Rejected At:
▼CVE Numbering Authority (CNA)

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://ox.com
x_refsource_MISC
http://open-xchange.com
x_refsource_MISC
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdf
x_refsource_CONFIRM
Hyperlink: http://ox.com
Resource:
x_refsource_MISC
Hyperlink: http://open-xchange.com
Resource:
x_refsource_MISC
Hyperlink: https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://ox.com
x_refsource_MISC
x_transferred
http://open-xchange.com
x_refsource_MISC
x_transferred
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: http://ox.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://open-xchange.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 May, 2019 | 20:29
Updated At:23 May, 2019 | 15:31

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.2HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Open-Xchange AG
open-xchange
>>ox_cloud>>Versions up to 1.4.0(inclusive)
cpe:2.3:a:open-xchange:ox_cloud:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-285Primarynvd@nist.gov
CWE ID: CWE-285
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://open-xchange.comcve@mitre.org
Vendor Advisory
http://ox.comcve@mitre.org
Not Applicable
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdfcve@mitre.org
Release Notes
Vendor Advisory
Hyperlink: http://open-xchange.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://ox.com
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4137_1.2.2_2017-05-12.pdf
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2024-9082
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.21%
||
7 Day CHG~0.00%
Published-22 Sep, 2024 | 08:00
Updated-31 Mar, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop User Creation Users.php improper authorization

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-9297
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.07%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 12:00
Updated-01 Oct, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Railway Reservation System admin improper authorization

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-railway_reservation_systemOnline Railway Reservation System
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2021-24195
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.59%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-wp-buywp-buy
Product-login_as_user_or_customer_\(user_switching\)Login as User or Customer (User Switching)
CWE ID-CWE-285
Improper Authorization
CVE-2021-24193
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.59%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visitor Traffic Real Time Statistics < 2.12 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-wp-buywp-buy
Product-visitor_traffic_real_time_statisticsVisitor Traffic Real Time Statistics
CWE ID-CWE-285
Improper Authorization
CVE-2021-24192
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.59%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-sitemap_projectwp-buy
Product-sitemapTree Sitemap (Pages, Posts & Categories list)
CWE ID-CWE-285
Improper Authorization
CVE-2021-24188
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Content Copy Protection & No Right Click < 3.1.5 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-wp-buywp-buy
Product-wp_content_copy_protection_\&_no_right_clickWP Content Copy Protection & No Right Click
CWE ID-CWE-285
Improper Authorization
CVE-2021-23140
Matching Score-4
Assigner-Gallagher Group Ltd.
ShareView Details
Matching Score-4
Assigner-Gallagher Group Ltd.
CVSS Score-9.9||CRITICAL
EPSS-0.23% / 46.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:46
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Action-Not Available
Vendor-Gallagher Group Ltd.
Product-command_centreCommand Centre
CWE ID-CWE-285
Improper Authorization
CVE-2024-7851
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 00:00
Updated-03 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Yoga Class Registration System Add User Users.php improper authorization

A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-yoga_class_registration_systemYoga Class Registration Systemyoga_class_registration_system
CWE ID-CWE-285
Improper Authorization
CVE-2021-24190
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.59%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Conditional Marketing Mailer < 1.5.2 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-wp-buywp-buy
Product-conditional_marketing_mailerWooCommerce Conditional Marketing Mailer
CWE ID-CWE-285
Improper Authorization
CVE-2021-24191
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.59%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:38
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Action-Not Available
Vendor-wpshopmartwp-buy
Product-coming_soon_page_\&_maintenance_modeWP Maintenance Mode & Site Under Construction
CWE ID-CWE-285
Improper Authorization
CVE-2024-3013
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 35.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:31
Updated-12 Jun, 2025 | 23:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLIR AX8 User Registration improper authorization

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-flirFLIRflir
Product-flir_ax8_firmwareflir_ax8AX8flir_ax8_firmware
CWE ID-CWE-285
Improper Authorization
CVE-2016-9575
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.

Action-Not Available
Vendor-freeipaFreeIPA
Product-freeipaipa
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-285
Improper Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found