Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-03-01 CVE-2018-5314 Improper Authentication vulnerability in Citrix products
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
network
low complexity
citrix CWE-287
7.5
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected, allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2018-02-22 CVE-2018-0121 Improper Authentication vulnerability in Cisco products
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.
network
low complexity
cisco CWE-287
critical
9.8
2018-02-15 CVE-2017-12549 Improper Authentication vulnerability in HP System Management Homepage
A local authentication bypass vulnerability was found in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1.
local
high complexity
hp CWE-287
5.6
2018-02-15 CVE-2011-4973 Improper Authentication vulnerability in MOD NSS Project MOD NSS 1.0.8
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
network
low complexity
mod-nss-project CWE-287
critical
9.8
2018-02-15 CVE-2017-17161 Improper Authentication vulnerability in Huawei Duke-L09 Firmware
The 'Find Phone' function in some Huawei smart phones with software versions earlier than Duke-L09C10B186, earlier than Duke-L09C432B187, and earlier than Duke-L09C636B186 has an authentication bypass vulnerability.
low complexity
huawei CWE-287
6.8
2018-02-15 CVE-2017-15351 Improper Authentication vulnerability in Huawei Honor V9 Play Firmware Jimmyal00Ac00B135
The 'Find Phone' function in Huawei Honor V9 Play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability.
low complexity
huawei CWE-287
6.8
2018-02-14 CVE-2018-7034 Improper Authentication vulnerability in Trendnet products
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
network
low complexity
trendnet CWE-287
7.5
2018-02-13 CVE-2018-5459 Improper Authentication vulnerability in Wago Pfc200 Firmware
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X.
network
low complexity
wago CWE-287
critical
9.8
2018-02-12 CVE-2017-18179 Improper Authentication vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination.
network
low complexity
progress CWE-287
8.8