Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-05-15 | CVE-2013-1337 | Improper Authentication vulnerability in Microsoft .Net Framework 4.5 | Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | 7.5 |
2013-05-10 | CVE-2013-0937 | Improper Authentication vulnerability in EMC products | Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
2013-05-10 | CVE-2013-0578 | Improper Authentication vulnerability in IBM products | The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. | 3.5 |
2013-05-08 | CVE-2013-1241 | Improper Authentication vulnerability in Cisco products | The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. | 6.3 |
2013-04-25 | CVE-2013-1186 | Improper Authentication vulnerability in Cisco products | Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. | 7.5 |
2013-04-24 | CVE-2013-3268 | Improper Authentication vulnerability in Novell Imanager | Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | 10.0 |
2013-04-24 | CVE-2013-0540 | Improper Authentication vulnerability in IBM Websphere Application Server 8.5.0.0/8.5.0.1 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. | 3.5 |
2013-04-21 | CVE-2013-3060 | Improper Authentication vulnerability in Apache Activemq | The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | 6.4 |
2013-04-12 | CVE-2013-0314 | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | 7.5 |
2013-04-12 | CVE-2013-0282 | Improper Authentication vulnerability in Openstack Keystone | OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | 5.0 |