Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-04 | CVE-2023-46963 | Improper Authentication vulnerability in Kaoshifeng Yunfan Learning Examination System 6.5 An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. | 5.3 |
| 2023-11-03 | CVE-2022-44569 | Improper Authentication vulnerability in Ivanti Automation A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 7.8 |
| 2023-11-02 | CVE-2023-26455 | Improper Authentication vulnerability in Open-Xchange Appsuite RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. | 7.8 |
| 2023-11-02 | CVE-2023-46327 | Improper Authentication vulnerability in multiple products Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. | 5.9 |
| 2023-10-30 | CVE-2023-21297 | Improper Authentication vulnerability in Google Android In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. | 4.4 |
| 2023-10-30 | CVE-2023-21307 | Improper Authentication vulnerability in Google Android In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. | 5.0 |
| 2023-10-30 | CVE-2023-5844 | Improper Authentication vulnerability in Pimcore Admin Classic Bundle Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | 7.2 |
| 2023-10-27 | CVE-2023-35794 | Improper Authentication vulnerability in Cassianetworks Access Controller 2.1.1.2303271039 An issue was discovered in Cassia Access Controller 2.1.1.2303271039. | 8.8 |
| 2023-10-27 | CVE-2023-46290 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . | 8.1 |
| 2023-10-25 | CVE-2023-27377 | Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |