Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | SEVERITY | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2021-10-05 | CVE-2021-39226 | Improper Authentication vulnerability in multiple products | Grafana is an open source data visualization platform. | network | low complexity | grafana, fedoraproject | CWE-287 | | 7.3 |
| 2021-10-05 | CVE-2021-41286 | Improper Authentication vulnerability in Omikron Multicash 4.00.008 | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. | local | low complexity | omikron | CWE-287 | | 7.8 |
| 2021-10-05 | CVE-2021-39872 | Improper Authentication vulnerability in Gitlab | In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and API through access tokens acquired before password expiration. | network | low complexity | gitlab | CWE-287 | | 6.5 |
| 2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | network | low complexity | bosch | CWE-287 | critical | 9.8 |
| 2021-10-04 | CVE-2021-35296 | Improper Authentication vulnerability in Ptcl Hg150-Ub Firmware 3.0 | An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | network | low complexity | ptcl | CWE-287 | critical | 9.8 |
| 2021-09-30 | CVE-2021-20578 | Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 | IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. | network | low complexity | ibm | CWE-287 | critical | 9.8 |
| 2021-09-30 | CVE-2021-24017 | Improper Authentication vulnerability in Fortinet Fortimanager | An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. | network | low complexity | fortinet | CWE-287 | | 4.3 |
| 2021-09-30 | CVE-2021-41292 | Improper Authentication vulnerability in Ecoa products | ECOA BAS controller suffers from an authentication bypass vulnerability. | network | low complexity | ecoa | CWE-287 | critical | 9.1 |
| 2021-09-29 | CVE-2021-35943 | Improper Authentication vulnerability in Couchbase Server | Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. | network | low complexity | couchbase | CWE-287 | critical | 9.8 |
| 2021-09-27 | CVE-2021-31606 | Improper Authentication vulnerability in Openvpn-Monitor Project Openvpn-Monitor | furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. | network | low complexity | openvpn-monitor-project | CWE-287 | | 7.5 |