Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-35794 Improper Authentication vulnerability in Cassianetworks Access Controller 2.1.1.2303271039
An issue was discovered in Cassia Access Controller 2.1.1.2303271039.
network
low complexity
cassianetworks CWE-287
8.8
2023-10-27 CVE-2023-46290 Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform.
network
high complexity
rockwellautomation CWE-287
8.1
2023-10-25 CVE-2023-27377 Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-287
7.5
2023-10-25 CVE-2023-37283 Improper Authentication vulnerability in Pingidentity Pingfederate
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter.
network
low complexity
pingidentity CWE-287
critical
9.8
2023-10-23 CVE-2023-5246 Improper Authentication vulnerability in Sick products
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with part numbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
network
low complexity
sick CWE-287
8.8
2023-10-22 CVE-2023-38735 Improper Authentication vulnerability in IBM Cognos Dashboards on Cloud Pak for Data 4.7.0
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw.
network
low complexity
ibm CWE-287
6.5
2023-10-21 CVE-2023-4939 Improper Authentication vulnerability in Salesmanago 3.2.4
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4.
network
low complexity
salesmanago CWE-287
5.3
2023-10-19 CVE-2023-41089 Improper Authentication vulnerability in Dexma Dexgate 20130114
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.
network
low complexity
dexma CWE-287
8.8
2023-10-13 CVE-2023-4562 Improper Authentication vulnerability in Mitsubishielectric products
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
network
low complexity
mitsubishielectric CWE-287
critical
9.1
2023-10-12 CVE-2023-41261 Improper Authentication vulnerability in Plixer Scrutinizer
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1.
network
low complexity
plixer CWE-287
5.3