Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-07-08 CVE-2024-39723 Improper Authentication vulnerability in IBM Storage Virtualize 8.6
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator.
low complexity
ibm CWE-287
4.6
2024-07-02 CVE-2024-20889 Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
low complexity
samsung CWE-287
4.3
2024-07-02 CVE-2024-20890 Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
low complexity
samsung CWE-287
8.8
2024-07-02 CVE-2024-20900 Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
local
low complexity
samsung CWE-287
3.3
2024-07-02 CVE-2024-34596 Improper Authentication vulnerability in Samsung Smartthings
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
network
low complexity
samsung CWE-287
7.5
2024-07-01 CVE-2024-28200 Improper Authentication vulnerability in N-Able N-Central 2023.4/2023.6/2023.7
The N-central server is vulnerable to an authentication bypass of the user interface.
network
low complexity
n-able CWE-287
critical
9.8
2024-06-26 CVE-2024-27867 Improper Authentication vulnerability in Apple products
An authentication issue was addressed with improved state management.
low complexity
apple CWE-287
4.3
2024-06-25 CVE-2024-5012 Improper Authentication vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials.
network
low complexity
progress CWE-287
8.6
2024-06-25 CVE-2024-37085 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
network
low complexity
vmware CWE-287
7.2
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1