Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-44676 | Improper Authentication vulnerability in Zohocorp Manageengine Access Manager Plus 4.1/4.2 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | 9.8 |
| 2021-12-17 | CVE-2021-40851 | Improper Authentication vulnerability in Tcman GIM 11.0/8.0 TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. | 7.5 |
| 2021-12-15 | CVE-2021-43935 | Improper Authentication vulnerability in Baxter products The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. | 9.8 |
| 2021-12-14 | CVE-2021-44937 | Improper Authentication vulnerability in Glfusion 1.7.9 glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. | 5.3 |
| 2021-12-14 | CVE-2021-44524 | Improper Authentication vulnerability in Siemens Sipass Integrated and Siveillance Identity A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). | 9.8 |
| 2021-12-13 | CVE-2021-39064 | Improper Authentication vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. | 7.5 |
| 2021-12-09 | CVE-2021-44514 | Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 9.8 |
| 2021-12-09 | CVE-2021-41265 | Improper Authentication vulnerability in Dpgaspar Flask-Appbuilder Flask-AppBuilder is a development framework built on top of Flask. | 8.8 |
| 2021-12-09 | CVE-2021-20145 | Improper Authentication vulnerability in Gryphonconnect Gryphon Tower Firmware Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. | 7.5 |
| 2021-12-09 | CVE-2021-21955 | Improper Authentication vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. | 7.5 |