Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-41309 Improper Authentication vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint.
network
low complexity
atlassian CWE-287
5.3
2021-12-08 CVE-2021-41311 Improper Authentication vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint.
network
low complexity
atlassian CWE-287
7.5
2021-12-07 CVE-2021-41716 Improper Authentication vulnerability in Mahadiscom Mahavitaran 7.50
Maharashtra State Electricity Board Mahavitaran Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function.
network
low complexity
mahadiscom CWE-287
critical
9.8
2021-12-07 CVE-2021-43175 Improper Authentication vulnerability in Goautodial and Goautodial API
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions.
network
low complexity
goautodial CWE-287
7.5
2021-12-07 CVE-2021-37043 Improper Authentication vulnerability in Huawei Emui, Harmonyos and Magic UI
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious application processes occupying system resources.
network
low complexity
huawei CWE-287
7.5
2021-12-07 CVE-2021-37100 Improper Authentication vulnerability in Huawei Harmonyos
There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication being bypassed.
network
low complexity
huawei CWE-287
7.5
2021-12-06 CVE-2021-39890 Improper Authentication vulnerability in Gitlab
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
network
low complexity
gitlab CWE-287
critical
9.8
2021-12-06 CVE-2021-43931 Improper Authentication vulnerability in Webhmi Firmware 3.5/4.0
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
network
low complexity
webhmi CWE-287
critical
9.8
2021-11-23 CVE-2021-35033 Improper Authentication vulnerability in Zyxel products
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access to the device if a local attacker dismantles the device and uses a USB-to-UART cable to connect to it, or if the remote assistance feature had been enabled by an authenticated user.
local
low complexity
zyxel CWE-287
7.8
2021-11-22 CVE-2021-38376 Improper Authentication vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
network
low complexity
open-xchange CWE-287
5.3