Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-02 | CVE-2023-3470 | Improper Authentication vulnerability in F5 products | Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. | | low complexity | f5 | CWE-287 | 6.1 |
| 2023-08-01 | CVE-2023-33563 | Improper Authentication vulnerability in PHPjabbers Time Slots Booking Calendar 3.3 | In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | network | low complexity | phpjabbers | CWE-287 | 8.8 |
| 2023-07-26 | CVE-2023-38555 | Improper Authentication vulnerability in Fujitsu products | Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. | | low complexity | fujitsu | CWE-287 | 8.8 |
| 2023-07-25 | CVE-2023-2626 | Improper Authentication vulnerability in Google products | There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. | | low complexity | google | CWE-287 | 8.8 |
| 2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | network | low complexity | ivanti | CWE-287 | critical 9.8 |
| 2023-07-21 | CVE-2023-37918 | Improper Authentication vulnerability in Linuxfoundation Dapr | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. | network | low complexity | linuxfoundation | CWE-287 | 7.5 |
| 2023-07-19 | CVE-2023-27877 | Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0 | IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. | network | low complexity | ibm | CWE-287 | 7.5 |
| 2023-07-17 | CVE-2023-3591 | Improper Authentication vulnerability in Mattermost Server | Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | network | low complexity | mattermost | CWE-287 | 8.2 |
| 2023-07-17 | CVE-2023-35901 | Improper Authentication vulnerability in IBM products | IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. | network | low complexity | ibm | CWE-287 | 5.3 |
| 2023-07-14 | CVE-2023-36466 | Improper Authentication vulnerability in Discourse | Discourse is an open source discussion platform. | network | low complexity | discourse | CWE-287 | 4.3 |