CWE-862

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller’s permission, in which a third-party app could change system settings.

InHand Networks IR615 Router’s Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions – SAP_APPL – 600, 602, 603, 604, 605, 606, 616, SAP_FIN – 617, 618, 700, 720, 730, SAPSCORE – 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.