Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-1938 | Improper Authentication vulnerability in Cisco UCS Director and UCS Director Express for BIG Data A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. | 9.8 |
| 2019-08-21 | CVE-2019-1937 | Improper Authentication vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. | 9.8 |
| 2019-08-20 | CVE-2019-6143 | Improper Authentication vulnerability in Forcepoint Next Generation Firewall Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. | 9.1 |
| 2019-08-15 | CVE-2019-11187 | Improper Authentication vulnerability in multiple products Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | 9.8 |
| 2019-08-15 | CVE-2018-14008 | Improper Authentication vulnerability in Arista EOS Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | 6.5 |
| 2019-08-14 | CVE-2019-15046 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 7.5 |
| 2019-08-13 | CVE-2019-5223 | Improper Authentication vulnerability in Huawei Pcmanager 9.1.3.1 PCManager 9.1.3.1 has an improper authentication vulnerability. | 7.8 |
| 2019-08-13 | CVE-2019-14985 | Improper Authentication vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28. | 9.8 |
| 2019-08-08 | CVE-2018-20954 | Improper Authentication vulnerability in Mailpile The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | 7.5 |
| 2019-08-08 | CVE-2019-1946 | Improper Authentication vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. | 6.5 |