Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-08 | CVE-2021-25442 | Improper Authentication vulnerability in Samsung Knox Cloud Services Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | 7.5 |
2021-07-07 | CVE-2021-20776 | Improper Authentication vulnerability in A-Stage-Inc At-40Cm01Sr Firmware and Sct-40Cm01Sr Firmware Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. | 9.8 |
2021-07-02 | CVE-2021-35029 | Improper Authentication vulnerability in Zyxel products An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. | 9.8 |
2021-06-30 | CVE-2021-30648 | Improper Authentication vulnerability in Broadcom products The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. | 9.8 |
2021-06-25 | CVE-2021-33895 | Improper Authentication vulnerability in multiple products ETINET BACKBOX E4.09 and H4.09 mismanages password access control. | 8.1 |
2021-06-23 | CVE-2021-21998 | Improper Authentication vulnerability in VMWare Carbon Black APP Control VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. | 9.8 |
2021-06-22 | CVE-2021-20737 | Improper Authentication vulnerability in Weseek Growi Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors. | 6.5 |
2021-06-16 | CVE-2021-32691 | Improper Authentication vulnerability in Apollosapp Data-Connector-Rock Apollos Apps is an open source platform for launching church-related apps. | 9.8 |
2021-06-16 | CVE-2021-1542 | Improper Authentication vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | 8.1 |
2021-06-16 | CVE-2021-27610 | Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | 9.8 |