Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2023-28503 | Improper Authentication vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user. | 9.8 |
| 2023-03-28 | CVE-2023-28398 | Improper Authentication vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. | 9.8 |
| 2023-03-27 | CVE-2022-4126 | Improper Authentication vulnerability in ABB Rccmd Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | 9.8 |
| 2023-03-20 | CVE-2022-45124 | Improper Authentication vulnerability in Wellintech Kinghistorian 35.01.00.05 An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. | 7.5 |
| 2023-03-18 | CVE-2023-28609 | Improper Authentication vulnerability in Ansible-Semaphore Ansible Semaphore api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. | 9.8 |
| 2023-03-16 | CVE-2023-21460 | Improper Authentication vulnerability in Samsung Android 11.0/12.0/13.0 Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. | 4.4 |
| 2023-03-15 | CVE-2023-28461 | Improper Authentication vulnerability in Arraynetworks Arrayos AG 9.4.0.469/9.4.0.470/9.4.0.481 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. | 9.8 |
| 2023-03-14 | CVE-2023-1327 | Improper Authentication vulnerability in Netgear Rax30 Firmware 1.0.3.64/1.0.4.66/1.0.5.70 Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | 9.8 |
| 2023-03-14 | CVE-2023-25957 | Improper Authentication vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). | 7.5 |
| 2023-03-13 | CVE-2023-27582 | Improper Authentication vulnerability in Maddy Project Maddy maddy is a composable, all-in-one mail server. | 9.8 |