Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-39846 Improper Authentication vulnerability in Pantsel Konga 0.14.9
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
network
low complexity
pantsel CWE-287
critical
9.8
2023-08-15 CVE-2023-35082 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8
2023-08-14 CVE-2023-3263 Improper Authentication vulnerability in Dataprobe products
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
network
low complexity
dataprobe CWE-287
7.5
2023-08-13 CVE-2023-39380 Improper Authentication vulnerability in Huawei Emui and Harmonyos
Permission control vulnerability in the audio module.
network
low complexity
huawei CWE-287
7.5
2023-08-11 CVE-2023-40253 Improper Authentication vulnerability in Genians Genian NAC and Genian Ztna
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
network
low complexity
genians CWE-287
critical
9.8
2023-08-11 CVE-2023-40260 Improper Authentication vulnerability in Empowerid 7.205.0.0
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi-factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled).
network
low complexity
empowerid CWE-287
critical
9.1
2023-08-08 CVE-2023-21626 Improper Authentication vulnerability in Qualcomm products
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
local
low complexity
qualcomm CWE-287
7.1
2023-08-07 CVE-2023-32090 Improper Authentication vulnerability in Pega Platform
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials.
network
low complexity
pega CWE-287
critical
9.8
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0
2023-08-04 CVE-2023-38691 Improper Authentication vulnerability in Matrix Matrix-Appservice-Bridge
matrix-appservice-bridge provides an API for setting up bridges.
network
low complexity
matrix CWE-287
6.5