Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.8
2021-06-25 CVE-2021-33895 Improper Authentication vulnerability in multiple products
ETINET BACKBOX E4.09 and H4.09 mismanages password access control.
network
high complexity
hpe etinet CWE-287
8.1
2021-06-23 CVE-2021-21998 Improper Authentication vulnerability in VMware Carbon Black App Control
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass.
network
low complexity
vmware CWE-287
critical
9.8
2021-06-22 CVE-2021-20737 Improper Authentication vulnerability in Weseek Growi
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.
network
low complexity
weseek CWE-287
6.5
2021-06-16 CVE-2021-32691 Improper Authentication vulnerability in Apollosapp Data-Connector-Rock
Apollos Apps is an open source platform for launching church-related apps.
network
low complexity
apollosapp CWE-287
critical
9.8
2021-06-16 CVE-2021-1542 Improper Authentication vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory.
network
high complexity
cisco CWE-287
8.1
2021-06-16 CVE-2021-27610 Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, do not create information about internal and external RFC users in a consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
network
low complexity
sap CWE-287
critical
9.8
2021-06-14 CVE-2021-24359 Improper Authentication vulnerability in Posimyth the Plus Addons for Elementor
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site.
network
low complexity
posimyth CWE-287
5.3
2021-06-11 CVE-2021-25389 Improper Authentication vulnerability in Google Android 9.0
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
low complexity
google CWE-287
6.1