Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-28 | CVE-2022-38753 | Improper Authentication vulnerability in Microfocus Netiq Advanced Authentication | This update resolves a multi-factor authentication bypass attack. | network | low complexity | microfocus | CWE-287 | 6.3 |
| 2022-11-28 | CVE-2022-41912 | Improper Authentication vulnerability in Saml Project Saml | The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. | network | low complexity | saml-project | CWE-287 | critical 9.8 |
| 2022-11-27 | CVE-2022-45933 | Improper Authentication vulnerability in Kubeview Project Kubeview | KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. | network | low complexity | kubeview-project | CWE-287 | critical 9.8 |
| 2022-11-25 | CVE-2022-36133 | Improper Authentication vulnerability in Epson products | The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | network | low complexity | epson | CWE-287 | critical 9.1 |
| 2022-11-23 | CVE-2022-37774 | Improper Authentication vulnerability in Maarch RM | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. | network | low complexity | maarch | CWE-287 | 5.3 |
| 2022-11-22 | CVE-2022-44801 | Improper Authentication vulnerability in Dlink Dir-878 Firmware 1.02B05 | D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | network | low complexity | dlink | CWE-287 | critical 9.8 |
| 2022-11-22 | CVE-2022-37931 | Improper Authentication vulnerability in HP Nonstop Netbatch-Plus | A vulnerability in NetBatch-Plus software allows unauthorized access to the application. | local | low complexity | hp | CWE-287 | 7.8 |
| 2022-11-22 | CVE-2022-43685 | Improper Authentication vulnerability in Okfn Ckan | CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. | network | low complexity | okfn | CWE-287 | 8.8 |
| 2022-11-21 | CVE-2021-24649 | Improper Authentication vulnerability in Wedevs WP User Frontend | The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). | network | low complexity | wedevs | CWE-287 | critical 9.8 |
| 2022-11-17 | CVE-2022-43782 | Improper Authentication vulnerability in Atlassian Crowd | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. | network | low complexity | atlassian | CWE-287 | critical 9.8 |