Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2012-11-27 | CVE-2012-4614 | Improper Authentication vulnerability in EMC IT Operations Intelligence 9.0 | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | network, emc, CWE-287 | critical 9.3 |
| 2012-11-26 | CVE-2012-2437 | Improper Authentication vulnerability in Awcm-Cms AR web Content Manager 2.2 | cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter. | network, low complexity, awcm-cms, CWE-287 | 5.0 |
| 2012-11-23 | CVE-2012-2377 | Improper Authentication vulnerability in Redhat products | JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | low complexity, redhat, CWE-287 | 3.3 |
| 2012-11-23 | CVE-2012-5758 | Improper Authentication vulnerability in IBM Websphere Datapower Xc10 Appliance | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. | network, low complexity, ibm, CWE-287 | 7.8 |
| 2012-11-17 | CVE-2012-5887 | Improper Authentication vulnerability in Apache Tomcat | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | network, low complexity, apache, CWE-287 | 5.0 |
| 2012-11-17 | CVE-2012-5886 | Improper Authentication vulnerability in Apache Tomcat | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. | network, low complexity, apache, CWE-287 | 5.0 |
| 2012-11-16 | CVE-2012-4613 | Improper Authentication vulnerability in EMC RSA Data Protection Manager Appliance | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | local, emc, CWE-287 | 6.9 |
| 2012-11-08 | CVE-2012-4021 | Improper Authentication vulnerability in Mosp Kintai Kanri | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | network, low complexity, mosp, CWE-287 | 5.5 |
| 2012-11-08 | CVE-2012-3315 | Improper Authentication vulnerability in IBM products | The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | network, low complexity, ibm, CWE-287 | 5.0 |
| 2012-10-09 | CVE-2012-5353 | Improper Authentication vulnerability in Eduserv Openathens Service Provider 2.0 | Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | network, eduserv, CWE-287 | 5.8 |