Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-22002 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. | 9.8 |
| 2021-08-31 | CVE-2021-22943 | Improper Authentication vulnerability in UI Unifi Protect 1.13.3 A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. | 9.6 |
| 2021-08-30 | CVE-2021-36370 | Improper Authentication vulnerability in Midnight-Commander Midnight Commander An issue was discovered in Midnight Commander through 4.8.26. | 7.5 |
| 2021-08-30 | CVE-2021-37417 | Improper Authentication vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | 9.8 |
| 2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 7.5 |
| 2021-08-30 | CVE-2021-32967 | Improper Authentication vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | 9.8 |
| 2021-08-24 | CVE-2021-30867 | Improper Authentication vulnerability in Apple Ipados and Iphone OS The issue was addressed with improved authentication. | 5.5 |
| 2021-08-19 | CVE-2021-37597 | Improper Authentication vulnerability in Wpcerber WP Cerber WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. | 9.8 |
| 2021-08-18 | CVE-2021-1561 | Improper Authentication vulnerability in Cisco Secure Email and web Manager A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. | 5.4 |
| 2021-08-17 | CVE-2021-3458 | Improper Authentication vulnerability in Motorola Mm1000 Firmware The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | 4.6 |