Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-25442 Improper Authentication vulnerability in Samsung Knox Cloud Services
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
network
low complexity
samsung CWE-287
7.5
2021-07-07 CVE-2021-20776 Improper Authentication vulnerability in A-Stage-Inc At-40Cm01Sr Firmware and Sct-40Cm01Sr Firmware
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
network
low complexity
a-stage-inc CWE-287
critical
9.8
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.8
2021-06-25 CVE-2021-33895 Improper Authentication vulnerability in multiple products
ETINET BACKBOX E4.09 and H4.09 mismanages password access control.
network
high complexity
hpe etinet CWE-287
8.1
2021-06-23 CVE-2021-21998 Improper Authentication vulnerability in VMWare Carbon Black APP Control
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass.
network
low complexity
vmware CWE-287
critical
9.8
2021-06-22 CVE-2021-20737 Improper Authentication vulnerability in Weseek Growi
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.
network
low complexity
weseek CWE-287
6.5
2021-06-16 CVE-2021-32691 Improper Authentication vulnerability in Apollosapp Data-Connector-Rock
Apollos Apps is an open source platform for launching church-related apps.
network
low complexity
apollosapp CWE-287
critical
9.8
2021-06-16 CVE-2021-1542 Improper Authentication vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
network
high complexity
cisco CWE-287
8.1
2021-06-16 CVE-2021-27610 Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
network
low complexity
sap CWE-287
critical
9.8