Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2023-41089 | Improper Authentication vulnerability in Dexma Dexgate 20130114 The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests. | 8.8 |
| 2023-10-13 | CVE-2023-4562 | Improper Authentication vulnerability in Mitsubishielectric products Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. | 9.1 |
| 2023-10-12 | CVE-2023-41261 | Improper Authentication vulnerability in Plixer Scrutinizer An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. | 5.3 |
| 2023-10-12 | CVE-2023-23632 | Improper Authentication vulnerability in Beyondtrust Privileged Remote Access BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. | 7.8 |
| 2023-10-11 | CVE-2023-24479 | Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108 An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. | 9.8 |
| 2023-10-04 | CVE-2021-3784 | Improper Authentication vulnerability in Garudalinux Garuda Linux Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. | 7.0 |
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | 6.5 |
| 2023-10-03 | CVE-2023-28540 | Improper Authentication vulnerability in Qualcomm products Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | 7.5 |
| 2023-10-03 | CVE-2023-26150 | Improper Authentication vulnerability in Freeopcua Opcua-Asyncio Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | 7.5 |
| 2023-10-03 | CVE-2023-42771 | Improper Authentication vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. | 8.8 |