Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-37918 | Improper Authentication vulnerability in Linuxfoundation Dapr Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. | 7.5 |
| 2023-07-19 | CVE-2023-27877 | Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0 IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. | 7.5 |
| 2023-07-17 | CVE-2023-3591 | Improper Authentication vulnerability in Mattermost Server Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | 8.2 |
| 2023-07-17 | CVE-2023-35901 | Improper Authentication vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. | 5.3 |
| 2023-07-14 | CVE-2023-36466 | Improper Authentication vulnerability in Discourse Discourse is an open source discussion platform. | 4.3 |
| 2023-07-14 | CVE-2023-2975 | Improper Authentication vulnerability in multiple products Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. | 5.3 |
| 2023-07-13 | CVE-2023-30560 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The configuration from the PCU can be modified without authentication using physical connection to the PCU. | 6.8 |
| 2023-07-13 | CVE-2023-30559 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The firmware update package for the wireless card is not properly signed and can be modified. | 5.7 |
| 2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
| 2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |