Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2022-48294 | Improper Authentication vulnerability in Huawei Emui and Harmonyos The IHwAttestationService interface has a defect in authentication. | 7.5 |
| 2023-02-01 | CVE-2023-22501 | Improper Authentication vulnerability in Atlassian Jira Service Management An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. | 9.1 |
| 2023-01-31 | CVE-2020-20402 | Improper Authentication vulnerability in Portfoliocms Project Portfoliocms 1.0.5 Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | 7.5 |
| 2023-01-31 | CVE-2022-30421 | Improper Authentication vulnerability in Toshiba Storage Security Software 1.2.0.7413 Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | 7.8 |
| 2023-01-27 | CVE-2022-48066 | Improper Authentication vulnerability in Totolink A830R Firmware 4.1.2Cu.5182 An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | 9.8 |
| 2023-01-26 | CVE-2023-20924 | Improper Authentication vulnerability in Google Android In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. | 6.8 |
| 2023-01-26 | CVE-2023-23612 | Improper Authentication vulnerability in Amazon Opensearch OpenSearch is an open source distributed and RESTful search engine. | 8.8 |
| 2023-01-23 | CVE-2021-43444 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 7.5 |
| 2023-01-23 | CVE-2021-43445 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 9.8 |
| 2023-01-20 | CVE-2020-22657 | Improper Authentication vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass. | 9.1 |