Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-2341 | Improper Authentication vulnerability in Juniper Junos An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. | 8.8 |
| 2017-07-17 | CVE-2017-10601 | Improper Authentication vulnerability in Juniper Junos A specific device configuration can result in a commit failure condition. | 9.8 |
| 2017-07-17 | CVE-2017-1000071 | Improper Authentication vulnerability in Apereo PHPcas 1.3.4 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | 8.1 |
| 2017-07-17 | CVE-2017-1000068 | Improper Authentication vulnerability in Betterment Testtrack 1.0 TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | 7.5 |
| 2017-07-17 | CVE-2017-1000030 | Improper Authentication vulnerability in Oracle Glassfish Server 3.0.1 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. | 9.8 |
| 2017-07-17 | CVE-2017-1000020 | Improper Authentication vulnerability in Ecos Embedded web Servers 1.3.1 SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. | 9.8 |
| 2017-07-13 | CVE-2016-8951 | Improper Authentication vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. | 7.5 |
| 2017-07-11 | CVE-2017-8495 | Improper Authentication vulnerability in Microsoft products Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. | 7.5 |
| 2017-07-10 | CVE-2017-5640 | Improper Authentication vulnerability in Apache Impala 2.7.0/2.8.0 It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). | 9.8 |
| 2017-07-07 | CVE-2017-7660 | Improper Authentication vulnerability in Apache Solr Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. | 7.5 |