Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-6344 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. | 5.3 |
| 2023-11-30 | CVE-2023-6353 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter. | 9.4 |
| 2023-11-30 | CVE-2023-6354 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter. | 9.4 |
| 2023-11-30 | CVE-2023-34388 | Improper Authentication vulnerability in Selinc Sel-451 Firmware An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 9.8 |
| 2023-11-28 | CVE-2023-29062 | Improper Authentication vulnerability in BD Facschorus The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. | 3.8 |
| 2023-11-28 | CVE-2023-48121 | Improper Authentication vulnerability in Ezviz products An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. | 5.3 |
| 2023-11-28 | CVE-2023-41264 | Improper Authentication vulnerability in Netwrix Usercube Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. | 9.8 |
| 2023-11-27 | CVE-2023-41999 | Improper Authentication vulnerability in Arcserve UDP An authentication bypass exists in Arcserve UDP prior to version 9.2. | 9.8 |
| 2023-11-27 | CVE-2023-6329 | Improper Authentication vulnerability in Controlid Idsecure 4.7.32.0 An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. | 9.8 |
| 2023-11-22 | CVE-2023-2437 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. | 8.1 |