Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2024-09-10 | CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | 8.8
network, low complexity, CWE-287

2024-09-05 | CVE-2024-5956 | Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 11.1.7.97 | 5.3
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager, with mostly garbage data in the response.
network, low complexity, trellix, CWE-287

2024-09-05 | CVE-2024-5957 | Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 10.1 | 7.5
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain API access to the Manager.
network, low complexity, trellix, CWE-287

2024-09-04 | CVE-2024-7012 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 | critical 9.8
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network, low complexity, redhat, CWE-287

2024-09-04 | CVE-2024-7923 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 | critical 9.8
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network, low complexity, redhat, CWE-287

2024-09-04 | CVE-2024-7870 | The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. | 6.5
network, low complexity, CWE-287

2024-09-03 | CVE-2024-7346 | Improper Authentication vulnerability in Progress Openedge | 4.8
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
network, high complexity, progress, CWE-287

2024-08-28 | CVE-2024-7745 | Improper Authentication vulnerability in Progress WS FTP Server | 8.1
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
network, low complexity, progress, CWE-287

2024-08-27 | CVE-2024-8181 | Improper Authentication vulnerability in Flowiseai Flowise 1.8.2 | 8.1
An Authentication Bypass vulnerability exists in Flowise version 1.8.2.
network, low complexity, flowiseai, CWE-287

2024-08-26 | CVE-2024-7401 | Improper Authentication vulnerability in Netskope | 7.5
Netskope was notified about a security gap in the Netskope Client enrollment process, where NSClient uses a static token “Orgkey” as an authentication parameter.
network, low complexity, netskope, CWE-287