Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-10 | CVE-2019-5426 | Improper Authentication vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. | 4.8 |
| 2019-04-09 | CVE-2019-8990 | Improper Authentication vulnerability in Tibco Activematrix Businessworks The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. | 8.1 |
| 2019-04-08 | CVE-2019-11018 | Improper Authentication vulnerability in Thinkadmin 4.0 application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | 9.8 |
| 2019-04-08 | CVE-2017-7912 | Improper Authentication vulnerability in Hanwhasecurity Srn-4000 Firmware Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | 9.8 |
| 2019-04-05 | CVE-2019-10884 | Improper Authentication vulnerability in Uniqkey Password Manager 1.14 Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. | 8.8 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |
| 2019-04-02 | CVE-2017-6049 | Improper Authentication vulnerability in 3M Detcon Sitewatch Gateway Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | 7.5 |
| 2019-04-01 | CVE-2017-8023 | Improper Authentication vulnerability in Dell EMC Networker EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. | 9.8 |
| 2019-04-01 | CVE-2019-5890 | Improper Authentication vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 8.8 |
| 2019-03-30 | CVE-2019-10661 | Improper Authentication vulnerability in Grandstream Gxv3611Ir HD Firmware On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 9.8 |