Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-33766 Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Information Disclosure Vulnerability
network
low complexity
microsoft CWE-287
5.0
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
vmware CWE-287
6.8
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.0
2021-07-12 CVE-2021-30640 Improper Authentication vulnerability in multiple products
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
network
low complexity
apache oracle CWE-287
6.4
2021-07-12 CVE-2021-3547 Improper Authentication vulnerability in Openvpn 3.6/3.6.1
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
network
openvpn CWE-287
5.8
2021-07-08 CVE-2021-29151 Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9.
network
low complexity
arubanetworks CWE-287
4.0
2021-07-08 CVE-2021-25430 Improper Authentication vulnerability in Google Android
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
low complexity
google CWE-287
3.3
2021-07-08 CVE-2021-25442 Improper Authentication vulnerability in Samsung Knox Cloud Services
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
network
low complexity
samsung CWE-287
5.0
2021-07-07 CVE-2021-20776 Improper Authentication vulnerability in A-Stage-Inc At-40Cm01Sr Firmware and Sct-40Cm01Sr Firmware
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
network
low complexity
a-stage-inc CWE-287
7.5
2021-07-06 CVE-2021-22228 Improper Authentication vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions.
network
low complexity
gitlab CWE-287
4.0