Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-37283 | Improper Authentication vulnerability in Pingidentity Pingfederate: Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter | 9.8 |
2023-10-23 | CVE-2023-5246 | Improper Authentication vulnerability in Sick products: Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | 8.8 |
2023-10-22 | CVE-2023-38735 | Improper Authentication vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0: IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. | 6.5 |
2023-10-21 | CVE-2023-4939 | Improper Authentication vulnerability in Salesmanago 3.2.4: The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. | 5.3 |
2023-10-19 | CVE-2023-41089 | Improper Authentication vulnerability in Dexma Dexgate 20130114: The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests. | 8.8 |
2023-10-16 | CVE-2023-45669 | Improper Authentication vulnerability in Webauthn4J Spring Security: WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. | 5.3 |
2023-10-13 | CVE-2023-4562 | Improper Authentication vulnerability in Mitsubishielectric products: Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. | 9.1 |
2023-10-12 | CVE-2023-41261 | Improper Authentication vulnerability in Plixer Scrutinizer: An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. | 5.3 |
2023-10-12 | CVE-2023-23632 | Improper Authentication vulnerability in Beyondtrust Privileged Remote Access: BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. | 7.8 |
2023-10-11 | CVE-2023-24479 | Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108: An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. | 9.8 |