Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-23 | CVE-2021-43444 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 7.5 |
| 2023-01-23 | CVE-2021-43445 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 9.8 |
| 2023-01-20 | CVE-2020-22657 | Improper Authentication vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass. | 9.1 |
| 2023-01-20 | CVE-2023-22964 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.6/13.0 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | 9.1 |
| 2023-01-20 | CVE-2023-22334 | Improper Authentication vulnerability in Contec Conprosys HMI System Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | 5.3 |
| 2023-01-18 | CVE-2021-4314 | Improper Authentication vulnerability in Linuxfoundation Zowe API Mediation Layer It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. | 5.3 |
| 2023-01-17 | CVE-2023-22303 | Improper Authentication vulnerability in Tp-Link Tl-Sg105Pe Firmware 1.0.0 TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. | 9.8 |
| 2023-01-13 | CVE-2023-0105 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in Keycloak. | 6.5 |
| 2023-01-11 | CVE-2022-4874 | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |