Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-07-17 | CVE-2017-1000030 | Improper Authentication vulnerability in Oracle Glassfish Server 3.0.1 | Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Java Key Store password disclosure that makes it possible to give an unauthenticated attacker the plain-text password of the administrative user and grant access to the web-based administration interface. | network | low complexity | oracle | CWE-287 | critical | 9.8 |
| 2017-07-17 | CVE-2017-1000020 | Improper Authentication vulnerability in Ecos Embedded web Servers 1.3.1 | A SYN flood or FIN flood attack against embedded devices running ECos 1 and other versions results in web authentication bypass. | network | low complexity | ecos | CWE-287 | critical | 9.8 |
| 2017-07-13 | CVE-2016-8951 | Improper Authentication vulnerability in IBM Emptoris Strategic Supply Management | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. | network | low complexity | ibm | CWE-287 | | 7.5 |
| 2017-07-11 | CVE-2017-8495 | Improper Authentication vulnerability in Microsoft products | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. | network | high complexity | microsoft | CWE-287 | | 7.5 |
| 2017-07-10 | CVE-2017-5640 | Improper Authentication vulnerability in Apache Impala 2.7.0/2.8.0 | It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). | network | low complexity | apache | CWE-287 | critical | 9.8 |
| 2017-07-07 | CVE-2017-7660 | Improper Authentication vulnerability in Apache Solr | Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. | network | low complexity | apache | CWE-287 | | 7.5 |
| 2017-07-07 | CVE-2017-6868 | Improper Authentication vulnerability in Siemens Simatic CP 44X-1 Redundant Network Access Modules 1.4.0 | An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. | network | high complexity | siemens | CWE-287 | | 8.1 |
| 2017-07-07 | CVE-2017-2186 | Improper Authentication vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 | HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. | | low complexity | kddi | CWE-287 | | 8.8 |
| 2017-07-07 | CVE-2017-7405 | Improper Authentication vulnerability in Dlink Dir-615 20.12Ptb01 | On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. | network | low complexity | dlink | CWE-287 | critical | 9.8 |
| 2017-07-06 | CVE-2017-6711 | Improper Authentication vulnerability in Cisco Ultra Services Framework | A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. | network | low complexity | cisco | CWE-287 | critical | 9.1 |