Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-04-17 | CVE-2019-9497 | Improper Authentication vulnerability in multiple products | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. | network | high | w1-fi, fedoraproject | CWE-287 | 8.1 |
| 2019-04-17 | CVE-2019-9496 | Improper Authentication vulnerability in multiple products | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. | network | low | w1-fi, fedoraproject | CWE-287 | 7.5 |
| 2019-04-17 | CVE-2019-3798 | Improper Authentication vulnerability in Cloudfoundry Capi-Release | Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. | network | high | cloudfoundry | CWE-287 | 7.5 |
| 2019-04-17 | CVE-2017-11430 | Improper Authentication vulnerability in Omniauth Saml | OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers. | network | low | omniauth | CWE-287 | 9.8 (critical) |
| 2019-04-17 | CVE-2017-11429 | Improper Authentication vulnerability in Clever Saml2-Js | Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers. | network | low | clever | CWE-287 | 9.8 (critical) |
| 2019-04-17 | CVE-2017-11428 | Improper Authentication vulnerability in Onelogin Ruby-Saml | OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers. | network | low | onelogin | CWE-287 | 9.8 (critical) |
| 2019-04-17 | CVE-2017-11427 | Improper Authentication vulnerability in Onelogin Pythonsaml | OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers. | network | low | onelogin | CWE-287 | 9.8 (critical) |
| 2019-04-10 | CVE-2019-0282 | Improper Authentication vulnerability in SAP Netweaver Process Integration | Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names that can be misused by the attacker. | network | low | sap | CWE-287 | 5.3 |
| 2019-04-10 | CVE-2019-5426 | Improper Authentication vulnerability in UI Edgeswitch X 1.1.0 | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. | network | high | ui | CWE-287 | 4.8 |
| 2019-04-09 | CVE-2019-8990 | Improper Authentication vulnerability in Tibco Activematrix Businessworks | The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. | network | high | tibco | CWE-287 | 8.1 |