Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2022-46773 Improper Authentication vulnerability in IBM products
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools.
network
low complexity
ibm CWE-287
6.5
2023-03-15 CVE-2022-46774 Improper Authentication vulnerability in IBM Manage Application 8.4.0/8.5.0
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to.
network
low complexity
ibm CWE-287
6.5
2023-03-14 CVE-2023-1327 Improper Authentication vulnerability in Netgear Rax30 Firmware 1.0.3.64/1.0.4.66/1.0.5.70
Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.
network
low complexity
netgear CWE-287
critical
9.8
2023-03-14 CVE-2023-25957 Improper Authentication vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All Versions >= 1.16.4 < 1.17.2), Mendix SAML (Mendix 8 compatible) (All versions >= 2.2.0 < 2.2.3), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= 3.1.9 < 3.2.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= 3.1.9 < 3.2.5).
network
low complexity
mendix CWE-287
7.5
2023-03-14 CVE-2023-23857 Improper Authentication vulnerability in SAP Netweaver Application Server for Java 7.50
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems.
network
low complexity
sap CWE-287
8.6
2023-03-13 CVE-2023-27582 Improper Authentication vulnerability in Maddy Project Maddy
maddy is a composable, all-in-one mail server.
network
low complexity
maddy-project CWE-287
critical
9.8
2023-03-13 CVE-2023-0346 Improper Authentication vulnerability in Akuvox E11 Firmware
Akuvox E11 cloud login is performed through an unencrypted HTTP connection.
network
low complexity
akuvox CWE-287
7.5
2023-03-10 CVE-2022-44574 Improper Authentication vulnerability in Ivanti Avalanche
An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.
network
low complexity
ivanti CWE-287
7.5
2023-03-10 CVE-2022-33242 Improper Authentication vulnerability in Qualcomm products
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
local
low complexity
qualcomm CWE-287
7.8
2023-03-08 CVE-2023-27482 Improper Authentication vulnerability in Home-Assistant Supervisor
homeassistant is an open source home automation tool.
network
low complexity
home-assistant CWE-287
critical
10.0