Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2020-21932 Improper Authentication vulnerability in Motorola CX2 Firmware 1.0.2
A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid.
network
low complexity
motorola CWE-287
5.3
2021-07-19 CVE-2021-34675 Improper Authentication vulnerability in Basixonline Nex-Forms
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
network
low complexity
basixonline CWE-287
7.5
2021-07-19 CVE-2021-34676 Improper Authentication vulnerability in Basixonline Nex-Forms
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
network
low complexity
basixonline CWE-287
7.5
2021-07-19 CVE-2021-35964 Improper Authentication vulnerability in Learningdigital Orca HCM
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
network
low complexity
learningdigital CWE-287
critical
9.8
2021-07-16 CVE-2020-4821 Improper Authentication vulnerability in IBM products
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.
network
low complexity
ibm CWE-287
critical
9.8
2021-07-15 CVE-2021-34690 Improper Authentication vulnerability in Idrive Remotepc
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass.
network
low complexity
idrive CWE-287
critical
9.8
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
low complexity
vmware CWE-287
critical
9.8
2021-07-13 CVE-2021-20593 Improper Authentication vulnerability in Mitsubishi products
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver.
network
low complexity
mitsubishi CWE-287
7.1
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.3
2021-07-12 CVE-2021-26088 Improper Authentication vulnerability in Fortinet Single Sign-On
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
low complexity
fortinet CWE-287
critical
9.6