Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-05 | CVE-2017-1264 | Improper Authentication vulnerability in IBM Security Guardium IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. | 7.5 |
| 2017-07-05 | CVE-2017-1258 | Improper Authentication vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 6.5 |
| 2017-07-04 | CVE-2017-10807 | Improper Authentication vulnerability in Jabberd2 JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | 9.8 |
| 2017-07-04 | CVE-2017-6722 | Improper Authentication vulnerability in Cisco Unified Contact Center Express 11.5.1Es01/11.5.1Su1/11.5(1) A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. | 6.1 |
| 2017-07-04 | CVE-2017-6703 | Improper Authentication vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. | 5.9 |
| 2017-07-03 | CVE-2017-7919 | Improper Authentication vulnerability in Newport Xps-Cx Firmware and Xps-Qx Firmware An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. | 9.8 |
| 2017-07-02 | CVE-2017-10796 | Improper Authentication vulnerability in Tp-Link Nc250 Firmware 1.0.10/1.0.8/1.2.1 On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | 6.5 |
| 2017-06-30 | CVE-2017-10709 | Improper Authentication vulnerability in Google Android 6.0 The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | 6.8 |
| 2017-06-30 | CVE-2017-6034 | Improper Authentication vulnerability in Schneider-Electric Modbus Firmware An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. | 9.8 |
| 2017-06-27 | CVE-2015-1778 | Improper Authentication vulnerability in Opendaylight The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | 9.8 |