Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-02 | CVE-2017-12281 | Improper Authentication vulnerability in Cisco products A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. | 7.5 |
| 2017-11-02 | CVE-2017-10873 | Improper Authentication vulnerability in Osstech Openam OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. | 8.1 |
| 2017-10-26 | CVE-2017-1222 | Improper Authentication vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 6.5 |
| 2017-10-26 | CVE-2017-12160 | Improper Authentication vulnerability in Redhat Keycloak It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. | 7.2 |
| 2017-10-23 | CVE-2017-9946 | Improper Authentication vulnerability in Siemens products A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. | 7.5 |
| 2017-10-19 | CVE-2017-5635 | Improper Authentication vulnerability in Apache Nifi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user. | 7.5 |
| 2017-10-19 | CVE-2017-12251 | Improper Authentication vulnerability in Cisco Cloud Services Platform 2100 A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. | 9.9 |
| 2017-10-18 | CVE-2017-14322 | Improper Authentication vulnerability in Interspire Email Marketer The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. | 9.8 |
| 2017-10-17 | CVE-2017-9625 | Improper Authentication vulnerability in Envitech Envidas Ultimate 1.0.0.4 An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. | 8.2 |
| 2017-10-16 | CVE-2017-15297 | Improper Authentication vulnerability in SAP Host Agent 7.21 SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. | 7.5 |