Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-25484 Improper Authentication vulnerability in Google Android 10.0/11.0/8.1
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
local
low complexity
google CWE-287
3.3
2021-10-06 CVE-2021-0595 Improper Authentication vulnerability in Google Android
In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in.
local
low complexity
google CWE-287
7.8
2021-10-05 CVE-2021-41286 Improper Authentication vulnerability in Omikron Multicash 4.00.008
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism.
local
low complexity
omikron CWE-287
7.8
2021-10-05 CVE-2021-39872 Improper Authentication vulnerability in Gitlab
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
network
low complexity
gitlab CWE-287
6.5
2021-10-04 CVE-2021-23857 Improper Authentication vulnerability in Bosch products
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password.
network
low complexity
bosch CWE-287
critical
9.8
2021-10-04 CVE-2021-35296 Improper Authentication vulnerability in Ptcl Hg150-Ub Firmware 3.0
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
network
low complexity
ptcl CWE-287
critical
9.8
2021-09-30 CVE-2021-20578 Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls.
network
low complexity
ibm CWE-287
critical
9.8
2021-09-30 CVE-2021-24017 Improper Authentication vulnerability in Fortinet Fortimanager
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
network
low complexity
fortinet CWE-287
4.3
2021-09-30 CVE-2021-41292 Improper Authentication vulnerability in Ecoa products
ECOA BAS controller suffers from an authentication bypass vulnerability.
network
low complexity
ecoa CWE-287
critical
9.1
2021-09-29 CVE-2021-35943 Improper Authentication vulnerability in Couchbase Server
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control.
network
low complexity
couchbase CWE-287
critical
9.8