Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-36132 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.
network
low complexity
ivanti CWE-287
7.5
2024-07-31 CVE-2019-6197 Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
local
low complexity
lenovo CWE-287
7.8
2024-07-31 CVE-2019-6198 Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
local
low complexity
lenovo CWE-287
7.8
2024-07-25 CVE-2024-41800 Improper Authentication vulnerability in Craftcms Craft CMS
Craft is a content management system (CMS).
network
high complexity
craftcms CWE-287
7.5
2024-07-24 CVE-2023-45249 Improper Authentication vulnerability in Acronis Cyber Infrastructure
Remote command execution due to use of default passwords.
network
low complexity
acronis CWE-287
critical
9.8
2024-07-22 CVE-2024-41829 Improper Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07, an OAuth code for JetBrains Space could be stolen via Space Application connection.
network
low complexity
jetbrains CWE-287
7.5
2024-07-17 CVE-2024-23465 Improper Authentication vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability.
network
low complexity
solarwinds CWE-287
critical
9.8
2024-07-17 CVE-2024-6535 Improper Authentication vulnerability in Redhat Service Interconnect 1.0
A flaw was found in Skupper.
network
low complexity
redhat CWE-287
5.3
2024-07-15 CVE-2024-39767 Improper Authentication vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.
network
low complexity
mattermost CWE-287
6.5
2024-07-11 CVE-2024-38433 Improper Authentication vulnerability in Nuvoton products
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness. An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock, which could lead to arbitrary code execution.
local
low complexity
nuvoton CWE-287
6.7