Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | 8.3 |
| 2019-12-02 | CVE-2019-19507 | Improper Authentication vulnerability in Json Pattern Validator Project Json Pattern Validator In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. | 5.3 |
| 2019-12-02 | CVE-2019-12394 | Improper Authentication vulnerability in Anviz Management System Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | 9.8 |
| 2019-11-29 | CVE-2019-5218 | Improper Authentication vulnerability in Huawei Band 2 Firmware and Band 3 Firmware There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. | 8.8 |
| 2019-11-26 | CVE-2019-16201 | Improper Authentication vulnerability in multiple products WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. | 7.5 |
| 2019-11-26 | CVE-2019-6675 | Improper Authentication vulnerability in F5 products BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. | 9.8 |
| 2019-11-26 | CVE-2019-14856 | Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | 6.5 |
| 2019-11-26 | CVE-2019-15987 | Improper Authentication vulnerability in Cisco products A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. | 5.3 |
| 2019-11-26 | CVE-2019-18250 | Improper Authentication vulnerability in ABB products In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. | 9.8 |
| 2019-11-25 | CVE-2019-18374 | Improper Authentication vulnerability in Broadcom Symantec Critical System Protection 8.0.0 Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | 9.8 |