Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-37283 Improper Authentication vulnerability in Pingidentity Pingfederate
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter
network
low complexity
pingidentity CWE-287
critical
9.8
2023-10-23 CVE-2023-5246 Improper Authentication vulnerability in Sick products
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
network
low complexity
sick CWE-287
8.8
2023-10-22 CVE-2023-38735 Improper Authentication vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw.
network
low complexity
ibm CWE-287
6.5
2023-10-21 CVE-2023-4939 Improper Authentication vulnerability in Salesmanago 3.2.4
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4.
network
low complexity
salesmanago CWE-287
5.3
2023-10-19 CVE-2023-41089 Improper Authentication vulnerability in Dexma Dexgate 20130114
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.
network
low complexity
dexma CWE-287
8.8
2023-10-13 CVE-2023-4562 Improper Authentication vulnerability in Mitsubishielectric products
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
network
low complexity
mitsubishielectric CWE-287
critical
9.1
2023-10-12 CVE-2023-41261 Improper Authentication vulnerability in Plixer Scrutinizer
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1.
network
low complexity
plixer CWE-287
5.3
2023-10-12 CVE-2023-23632 Improper Authentication vulnerability in Beyondtrust Privileged Remote Access
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass.
local
low complexity
beyondtrust CWE-287
7.8
2023-10-11 CVE-2023-24479 Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108.
network
low complexity
yifanwireless CWE-287
critical
9.8
2023-10-04 CVE-2021-3784 Improper Authentication vulnerability in Garudalinux Garuda Linux
Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account.
local
high complexity
garudalinux CWE-287
7.0