Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2021-05-16 CVE-2021-29047 Improper Authentication vulnerability in Liferay DXP and Liferay Portal
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after they are used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
network
low complexity
liferay CWE-287
7.5
2021-05-13 CVE-2021-22155 Improper Authentication vulnerability in Blackberry Workspaces Server
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.
network
low complexity
blackberry CWE-287
8.8
2021-05-11 CVE-2020-26139 Improper Authentication vulnerability in multiple products
An issue was discovered in the kernel in NetBSD 7.1.
5.3
2021-05-10 CVE-2021-23008 Improper Authentication vulnerability in F5 Big-Ip Access Policy Manager
On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x, BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker.
network
low complexity
f5 CWE-287
critical
9.8
2021-05-10 CVE-2021-31520 Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow a remote attacker to guess currently logged-in administrators' session token in order to gain access to the product's web management interface.
network
high complexity
trendmicro CWE-287
8.1
2021-05-10 CVE-2021-26077 Improper Authentication vulnerability in Atlassian Connect Spring Boot
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps.
network
low complexity
atlassian CWE-287
8.8
2021-05-06 CVE-2021-28152 Improper Authentication vulnerability in Hongdian H8922 Firmware 3.0.5
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser.
network
low complexity
hongdian CWE-287
critical
9.8
2021-05-06 CVE-2021-32030 Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface.
network
low complexity
asus CWE-287
critical
9.8
2021-05-06 CVE-2020-19111 Improper Authentication vulnerability in Projectworlds Online Book Store Project in PHP 1.0
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information.
network
low complexity
projectworlds CWE-287
critical
9.8
2021-05-06 CVE-2021-1468 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
network
low complexity
cisco CWE-287
critical
9.8