Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-1443 | Improper Authentication vulnerability in IBM products An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. | 5.9 |
| 2018-03-08 | CVE-2017-7638 | Improper Authentication vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. | 6.5 |
| 2018-03-08 | CVE-2018-0087 | Improper Authentication vulnerability in Cisco Asyncos 10.5.1296 A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. | 5.6 |
| 2018-03-07 | CVE-2018-7745 | Improper Authentication vulnerability in Cobub Razor 0.7.2 An issue was discovered in Western Bridge Cobub Razor 0.7.2. | 7.5 |
| 2018-03-06 | CVE-2018-1343 | Improper Authentication vulnerability in Netiq Privileged Account Manager PAM exposure enabling unauthenticated access to remote host | 9.8 |
| 2018-03-06 | CVE-2017-15519 | Improper Authentication vulnerability in Netapp Snapcenter Server 2.0/3.0/3.0.1 Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. | 7.2 |
| 2018-03-05 | CVE-2018-5455 | Improper Authentication vulnerability in Moxa products A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. | 9.8 |
| 2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
| 2018-03-02 | CVE-2017-5189 | Improper Authentication vulnerability in Netiq Imanager NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. | 7.5 |
| 2018-03-01 | CVE-2018-5314 | Improper Authentication vulnerability in Citrix products Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | 7.5 |