Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-12-13 CVE-2021-39064 Improper Authentication vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console.
network
low complexity
ibm CWE-287
7.5
2021-12-09 CVE-2021-44514 Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
network
low complexity
zohocorp CWE-287
critical
9.8
2021-12-09 CVE-2021-20145 Improper Authentication vulnerability in Gryphonconnect Gryphon Tower Firmware
Gryphon Tower routers contain an unprotected OpenVPN configuration file which can grant attackers access to the Gryphon homebound VPN network, which exposes the LAN interfaces of other users' devices connected to the same service.
network
low complexity
gryphonconnect CWE-287
7.5
2021-12-09 CVE-2021-21955 Improper Authentication vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h.
network
low complexity
anker CWE-287
7.5
2021-12-09 CVE-2021-43068 Improper Authentication vulnerability in Fortinet Fortiauthenticator 6.4.0
An improper authentication vulnerability in Fortinet FortiAuthenticator version 6.4.0 allows a user to bypass the second factor of authentication via a RADIUS login portal.
network
low complexity
fortinet CWE-287
8.1
2021-12-08 CVE-2021-36718 Improper Authentication vulnerability in Synel Eharmonynew and Synel Reports
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of the eharmony system with sensitive data (employee name, employee ID number, working hours, etc.). The vulnerability has been addressed and fixed in version 11.
network
low complexity
synel CWE-287
6.5
2021-12-08 CVE-2021-37054 Improper Authentication vulnerability in Huawei Emui, Harmonyos and Magic UI
There is an identity spoofing and authentication bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-287
7.5
2021-12-08 CVE-2021-41309 Improper Authentication vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint.
network
low complexity
atlassian CWE-287
5.3
2021-12-08 CVE-2021-41311 Improper Authentication vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint.
network
low complexity
atlassian CWE-287
7.5
2021-12-07 CVE-2021-41716 Improper Authentication vulnerability in Mahadiscom Mahavitaran 7.50
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function.
network
low complexity
mahadiscom CWE-287
critical
9.8