Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-7346 Improper Authentication vulnerability in Progress Openedge
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
network
high complexity
progress CWE-287
4.8
2024-08-28 CVE-2024-7745 Improper Authentication vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
network
low complexity
progress CWE-287
8.1
2024-08-27 CVE-2024-8181 Improper Authentication vulnerability in Flowiseai Flowise 1.8.2
An Authentication Bypass vulnerability exists in Flowise version 1.8.2.
network
low complexity
flowiseai CWE-287
8.1
2024-08-26 CVE-2024-7401 Improper Authentication vulnerability in Netskope
Netskope was notified about a security gap in the Netskope Client enrollment process, where NSClient uses a static token, “Orgkey”, as an authentication parameter.
network
low complexity
netskope CWE-287
7.5
2024-08-20 CVE-2024-43409 Improper Authentication vulnerability in Ghost
Ghost is a Node.js content management system.
network
low complexity
ghost CWE-287
6.5
2024-08-20 CVE-2024-42336 Improper Authentication vulnerability in Servision IVG Webmax 1.0.57
Servision - CWE-287: Improper Authentication
network
low complexity
servision CWE-287
critical
9.8
2024-08-16 CVE-2024-42462 Improper Authentication vulnerability in Upkeeper Manager
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9.
network
low complexity
upkeeper CWE-287
critical
9.8
2024-08-15 CVE-2024-31800 Improper Authentication vulnerability in Gncchome Gncc C2 Firmware
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
low complexity
gncchome CWE-287
6.8
2024-08-14 CVE-2024-25157 Improper Authentication vulnerability in Fortra Goanywhere Managed File Transfer
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages.
network
low complexity
fortra CWE-287
6.5
2024-08-14 CVE-2024-37028 Improper Authentication vulnerability in F5 Big-Ip Next Central Manager
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-287
5.3