Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-20 | CVE-2017-16748 | Improper Authentication vulnerability in Tridium Niagara and Niagara AX Framework An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. | 9.8 |
| 2018-08-20 | CVE-2018-14078 | Improper Authentication vulnerability in Wi2Be Smart HP WMT R1.2.20201400922 Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). | 9.8 |
| 2018-08-16 | CVE-2018-13446 | Improper Authentication vulnerability in Linecorp Line 8.8.1 An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. | 7.0 |
| 2018-08-16 | CVE-2018-13435 | Improper Authentication vulnerability in Linecorp Line 8.8.0 An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. | 7.0 |
| 2018-08-16 | CVE-2018-13434 | Improper Authentication vulnerability in Linecorp Line 8.8.0 An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. | 6.3 |
| 2018-08-15 | CVE-2018-15152 | Improper Authentication vulnerability in Open-Emr Openemr Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. | 9.1 |
| 2018-08-14 | CVE-2018-2449 | Improper Authentication vulnerability in SAP Supplier Relationship Management MDM Catalog 3.73/7.31/7.32 SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. | 8.6 |
| 2018-08-13 | CVE-2018-14781 | Improper Authentication vulnerability in Medtronicdiabetes products Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. | 5.3 |
| 2018-08-13 | CVE-2018-11770 | Improper Authentication vulnerability in Apache Spark From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. | 4.2 |
| 2018-08-12 | CVE-2018-3775 | Improper Authentication vulnerability in Nextcloud Server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 |