Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2020-14504 Improper Authentication vulnerability in Rockwellautomation products
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests.
network
low complexity
rockwellautomation CWE-287
5.3
2022-02-18 CVE-2022-24047 Improper Authentication vulnerability in BMC Track-It! 20.21.01.102
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102.
network
low complexity
bmc CWE-287
critical
9.8
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-15 CVE-2022-23317 Improper Authentication vulnerability in Helpsystems Cobalt Strike
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
network
low complexity
helpsystems CWE-287
7.5
2022-02-14 CVE-2021-4201 Improper Authentication vulnerability in Forgerock Access Management
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
network
low complexity
forgerock CWE-287
critical
9.8
2022-02-14 CVE-2021-45347 Improper Authentication vulnerability in Zzcms 8.2
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
network
low complexity
zzcms CWE-287
7.5
2022-02-14 CVE-2022-24976 Improper Authentication vulnerability in Atheme
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
network
low complexity
atheme CWE-287
critical
9.1
2022-02-11 CVE-2021-38679 Improper Authentication vulnerability in Qnap Kazoo Server 4.10.12/4.10.9/4.11.20
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server.
network
low complexity
qnap CWE-287
critical
9.8
2022-02-11 CVE-2021-30317 Improper Authentication vulnerability in Qualcomm products
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-287
7.8
2022-02-09 CVE-2021-45331 Improper Authentication vulnerability in Gitea
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges.
network
low complexity
gitea CWE-287
critical
9.8