Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-09-30 CVE-2021-20578 Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls.
network
low complexity
ibm CWE-287
critical
9.8
2021-09-30 CVE-2021-24017 Improper Authentication vulnerability in Fortinet Fortimanager
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
network
low complexity
fortinet CWE-287
4.3
2021-09-30 CVE-2021-41292 Improper Authentication vulnerability in Ecoa products
ECOA BAS controller suffers from an authentication bypass vulnerability.
network
low complexity
ecoa CWE-287
critical
9.1
2021-09-29 CVE-2021-35943 Improper Authentication vulnerability in Couchbase Server
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control.
network
low complexity
couchbase CWE-287
critical
9.8
2021-09-27 CVE-2021-31606 Improper Authentication vulnerability in Openvpn-Monitor Project Openvpn-Monitor
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.
network
low complexity
openvpn-monitor-project CWE-287
7.5
2021-09-27 CVE-2021-38299 Improper Authentication vulnerability in Spomky-Labs Webauthn Framework
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control.
network
low complexity
spomky-labs CWE-287
critical
9.8
2021-09-24 CVE-2021-41503 Improper Authentication vulnerability in multiple products
DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control.
low complexity
dlink d-link CWE-287
8.0
2021-09-24 CVE-2021-22869 Improper Authentication vulnerability in Github Enterprise Server
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to.
network
low complexity
github CWE-287
critical
9.8
2021-09-21 CVE-2021-31917 Improper Authentication vulnerability in multiple products
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0).
network
low complexity
redhat infinispan CWE-287
critical
9.8
2021-09-17 CVE-2021-41317 Improper Authentication vulnerability in XSS Hunter Express Project XSS Hunter Express
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
network
low complexity
xss-hunter-express-project CWE-287
critical
9.8