Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-12251 Improper Authentication vulnerability in Cisco Cloud Services Platform 2100
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device.
network
low complexity
cisco CWE-287
critical
9.9
2017-10-18 CVE-2017-14322 Improper Authentication vulnerability in Interspire Email Marketer
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
network
low complexity
interspire CWE-287
critical
9.8
2017-10-17 CVE-2017-9625 Improper Authentication vulnerability in Envitech Envidas Ultimate 1.0.0.4
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5.
network
low complexity
envitech CWE-287
8.2
2017-10-16 CVE-2017-15297 Improper Authentication vulnerability in SAP Host Agent 7.21
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint.
network
low complexity
sap CWE-287
7.5
2017-10-16 CVE-2017-15295 Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for read/write/delete file access.
network
low complexity
sap CWE-287
critical
9.8
2017-10-16 CVE-2017-15293 Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials.
network
low complexity
sap CWE-287
critical
9.8
2017-10-13 CVE-2017-10623 Improper Authentication vulnerability in Juniper Junos Space
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes.
network
high complexity
juniper CWE-287
8.1
2017-10-13 CVE-2017-10622 Improper Authentication vulnerability in Juniper Junos Space 16.1/17.1
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user.
network
low complexity
juniper CWE-287
critical
9.8
2017-10-13 CVE-2016-5791 Improper Authentication vulnerability in Jantek Jtc-200 Firmware
An Improper Authentication issue was discovered in JanTek JTC-200, all versions.
network
low complexity
jantek CWE-287
critical
9.8
2017-10-11 CVE-2017-5791 Improper Authentication vulnerability in HP Intelligent Management Center Plat 7.2
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
network
low complexity
hp CWE-287
critical
9.8