Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2024-23806 Improper Authentication vulnerability in Hidglobal products
Sensitive data can be extracted from HID iCLASS SE reader configuration cards.
low complexity
hidglobal CWE-287
5.3
2024-02-07 CVE-2023-39196 Improper Authentication vulnerability in Apache Ozone 1.2.0/1.2.1/1.3.0
Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
network
low complexity
apache CWE-287
5.3
2024-02-06 CVE-2024-24592 Improper Authentication vulnerability in Clear Clearml
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.
network
low complexity
clear CWE-287
critical
9.8
2024-02-06 CVE-2024-20815 Improper Authentication vulnerability in Samsung Android 11.0/12.0
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
low complexity
samsung CWE-287
6.5
2024-02-06 CVE-2024-20816 Improper Authentication vulnerability in Samsung Android 11.0/12.0
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
low complexity
samsung CWE-287
6.5
2024-02-02 CVE-2023-39303 Improper Authentication vulnerability in Qnap Qts, Quts Hero and Qutscloud
An improper authentication vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-287
critical
9.8
2024-02-02 CVE-2023-50934 Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
network
low complexity
ibm CWE-287
5.3
2024-02-01 CVE-2023-47256 Improper Authentication vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
local
low complexity
connectwise CWE-287
5.5
2024-02-01 CVE-2024-1039 Improper Authentication vulnerability in Gesslergmbh Web-Master Firmware 7.9
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.
network
low complexity
gesslergmbh CWE-287
critical
9.8
2024-01-31 CVE-2024-23637 Improper Authentication vulnerability in Octoprint 1.2.18
OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password.
network
low complexity
octoprint CWE-287
4.9