Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2014-01-10 | CVE-2013-5009 | Improper Authentication vulnerability in Symantec Endpoint Protection | 7.4
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

2014-01-10 | CVE-2013-7282 | Improper Authentication vulnerability in Nisuta products | critical, 10.0
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.
network, low complexity, nisuta, CWE-287

2013-12-30 | CVE-2013-5038 | Improper Authentication vulnerability in HOT Hotbox Router and Hotbox Router Firmware | 5.8
The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
low complexity, hot, CWE-287

2013-12-28 | CVE-2013-6006 | Improper Authentication vulnerability in Cybozu Garoon 3.5/3.5.3/3.7 | 5.8
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
network, cybozu, CWE-287

2013-12-23 | CVE-2013-6979 | Improper Authentication vulnerability in Cisco IOS XE | 5.4
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
network, high complexity, cisco, CWE-287

2013-12-23 | CVE-2013-6890 | Improper Authentication vulnerability in multiple products | 5.0
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
network, low complexity, debian, fedoraproject, phil-schwartz, CWE-287

2013-12-21 | CVE-2013-5413 | Improper Authentication vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway | 4.3
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
network, ibm, CWE-287

2013-12-19 | CVE-2013-5426 | Improper Authentication vulnerability in IBM products | 4.9
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.

2013-12-14 | CVE-2013-4001 | Improper Authentication vulnerability in IBM Cognos Command Center 10.0/10.1 | 4.3
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
network, ibm, CWE-287

2013-12-14 | CVE-2013-1364 | Improper Authentication vulnerability in Zabbix | 5.0
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
network, low complexity, zabbix, CWE-287