Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-23 | CVE-2016-6659 | Improper Authentication vulnerability in multiple products Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider. | 8.1 |
| 2016-12-14 | CVE-2016-6474 | Improper Authentication vulnerability in Cisco IOS 15.5(2.25)T A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. | 7.3 |
| 2016-12-13 | CVE-2016-4322 | Improper Authentication vulnerability in BMC Bladelogic Server Automation Console 8.7.00 BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process. | 9.8 |
| 2016-11-30 | CVE-2016-2944 | Improper Authentication vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 9.8 |
| 2016-11-03 | CVE-2016-6452 | Improper Authentication vulnerability in Cisco Prime Home 5.0Base/5.1Base/5.2.0 A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. | 9.8 |
| 2016-10-28 | CVE-2016-6397 | Improper Authentication vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. | 9.8 |
| 2016-10-06 | CVE-2016-6434 | Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.0.1 Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | 7.8 |
| 2016-10-05 | CVE-2016-5686 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | 9.8 |
| 2016-10-05 | CVE-2016-5086 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | 9.8 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |