Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-16 | CVE-2021-32691 | Improper Authentication vulnerability in Apollosapp Data-Connector-Rock | Apollos Apps is an open source platform for launching church-related apps. | 9.8 |
2021-06-16 | CVE-2021-1542 | Improper Authentication vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. | 8.1 |
2021-06-16 | CVE-2021-27610 | Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | 9.8 |
2021-06-14 | CVE-2021-24359 | Improper Authentication vulnerability in Posimyth the Plus Addons for Elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. | 5.3 |
2021-06-11 | CVE-2021-25389 | Improper Authentication vulnerability in Google Android 9.0 | Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. | 6.1 |
2021-06-11 | CVE-2021-25424 | Improper Authentication vulnerability in Samsung products | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. | 8.8 |
2021-06-10 | CVE-2021-34546 | Improper Authentication vulnerability in Netsetman | An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. | 6.8 |
2021-06-09 | CVE-2020-24514 | Improper Authentication vulnerability in Intel products | Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2021-06-08 | CVE-2020-26136 | Improper Authentication vulnerability in Silverstripe | In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | 6.5 |
2021-06-04 | CVE-2021-31251 | Improper Authentication vulnerability in Chiyu-Tech products | An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated. | 9.8 |