Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-17 | CVE-2017-11429 | Improper Authentication vulnerability in Clever Saml2-Js: Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 9.8 |
2019-04-17 | CVE-2017-11428 | Improper Authentication vulnerability in Onelogin Ruby-Saml: OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 9.8 |
2019-04-17 | CVE-2017-11427 | Improper Authentication vulnerability in Onelogin Pythonsaml: OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 9.8 |
2019-04-10 | CVE-2019-0282 | Improper Authentication vulnerability in SAP Netweaver Process Integration: Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. | 5.3 |
2019-04-10 | CVE-2019-5426 | Improper Authentication vulnerability in UI Edgeswitch X 1.1.0: In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. | 4.8 |
2019-04-09 | CVE-2019-8990 | Improper Authentication vulnerability in Tibco Activematrix Businessworks: The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. | 8.1 |
2019-04-08 | CVE-2019-11018 | Improper Authentication vulnerability in Thinkadmin 4.0: application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | 9.8 |
2019-04-08 | CVE-2017-7912 | Improper Authentication vulnerability in Hanwhasecurity Srn-4000 Firmware: Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | 9.8 |
2019-04-05 | CVE-2019-10884 | Improper Authentication vulnerability in Uniqkey Password Manager 1.14: Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. | 8.8 |
2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3: Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |