Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-26455 | Improper Authentication vulnerability in Open-Xchange Appsuite RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. | 7.8 |
| 2023-11-02 | CVE-2023-46327 | Improper Authentication vulnerability in multiple products Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. | 5.9 |
| 2023-10-30 | CVE-2023-21297 | Improper Authentication vulnerability in Google Android In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. | 4.4 |
| 2023-10-30 | CVE-2023-21307 | Improper Authentication vulnerability in Google Android In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. | 5.0 |
| 2023-10-30 | CVE-2023-5844 | Improper Authentication vulnerability in Pimcore Admin Classic Bundle Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | 7.2 |
| 2023-10-27 | CVE-2023-35794 | Improper Authentication vulnerability in Cassianetworks Access Controller 2.1.1.2303271039 An issue was discovered in Cassia Access Controller 2.1.1.2303271039. | 8.8 |
| 2023-10-27 | CVE-2023-46290 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . | 8.1 |
| 2023-10-25 | CVE-2023-27377 | Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-37283 | Improper Authentication vulnerability in Pingidentity Pingfederate Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter | 9.8 |
| 2023-10-23 | CVE-2023-5246 | Improper Authentication vulnerability in Sick products Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | 8.8 |