Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-18 | CVE-2017-9803 | Improper Authentication vulnerability in Apache Solr: Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. | 7.5 |
2017-09-17 | CVE-2017-14243 | Improper Authentication vulnerability in Utstar Wa3002G4 Firmware Wa3002G40021.01: An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | 9.8 |
2017-09-14 | CVE-2017-1002024 | Improper Authentication vulnerability in Kindsoft Kind Editor and Kindeditor: Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files. | 4.3 |
2017-09-12 | CVE-2017-1520 | Improper Authentication vulnerability in IBM DB2 and DB2 Connect: IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. | 3.7 |
2017-09-12 | CVE-2017-14337 | Improper Authentication vulnerability in Misp-Project Misp: When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | 8.1 |
2017-09-12 | CVE-2014-9624 | Improper Authentication vulnerability in Mantisbt: CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | 7.5 |
2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products: In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 6.5 |
2017-09-11 | CVE-2017-7649 | Improper Authentication vulnerability in Eclipse Kura: The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. | 9.8 |
2017-09-07 | CVE-2017-12213 | Improper Authentication vulnerability in Cisco IOS XE: A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. | 4.3 |
2017-09-07 | CVE-2017-14147 | Improper Authentication vulnerability in Fiberhome Adsl An1020-25 Firmware: An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. | 9.8 |