Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-03-05 CVE-2018-5455 Improper Authentication vulnerability in Moxa products
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
network
low complexity
moxa CWE-287
critical
9.8
2018-03-02 CVE-2017-9285 Improper Authentication vulnerability in multiple products
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
network
low complexity
netiq microfocus CWE-287
critical
9.8
2018-03-02 CVE-2017-5189 Improper Authentication vulnerability in Netiq Imanager
NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract it and establish their own connections to the Sentinel appliance.
network
low complexity
netiq CWE-287
7.5
2018-03-01 CVE-2018-5314 Improper Authentication vulnerability in Citrix products
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
network
low complexity
citrix CWE-287
7.5
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password-protected, allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2018-02-22 CVE-2018-0121 Improper Authentication vulnerability in Cisco products
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.
network
low complexity
cisco CWE-287
critical
9.8
2018-02-15 CVE-2017-12549 Improper Authentication vulnerability in HP System Management Homepage
A local authentication bypass vulnerability was found in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1.
local
high complexity
hp CWE-287
5.6
2018-02-15 CVE-2011-4973 Improper Authentication vulnerability in MOD NSS Project MOD NSS 1.0.8
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
network
low complexity
mod-nss-project CWE-287
critical
9.8
2018-02-15 CVE-2017-17161 Improper Authentication vulnerability in Huawei Duke-L09 Firmware
The 'Find Phone' function in some Huawei smart phones with software versions earlier than Duke-L09C10B186, earlier than Duke-L09C432B187, and earlier than Duke-L09C636B186 has an authentication bypass vulnerability.
low complexity
huawei CWE-287
6.8
2018-02-15 CVE-2017-15351 Improper Authentication vulnerability in Huawei Honor V9 Play Firmware Jimmyal00Ac00B135
The 'Find Phone' function in Huawei Honor V9 Play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability.
low complexity
huawei CWE-287
6.8