Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-10 | CVE-2021-31520 | Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5. A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow a remote attacker to guess currently logged-in administrators' session token in order to gain access to the product's web management interface. | 8.1 |
2021-05-10 | CVE-2021-26077 | Improper Authentication vulnerability in Atlassian Connect Spring Boot. Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. | 8.8 |
2021-05-06 | CVE-2021-28152 | Improper Authentication vulnerability in Hongdian H8922 Firmware 3.0.5. Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. | 9.8 |
2021-05-06 | CVE-2021-32030 | Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793. The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. | 9.8 |
2021-05-06 | CVE-2020-19111 | Improper Authentication vulnerability in Projectworlds Online Book Store Project in PHP 1.0. Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information. | 9.8 |
2021-05-06 | CVE-2021-1468 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage. Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. | 9.8 |
2021-05-06 | CVE-2021-31245 | Improper Authentication vulnerability in Openmptcprouter 0.57.3. omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack. | 5.9 |
2021-04-30 | CVE-2021-21544 | Improper Authentication vulnerability in Dell Idrac9 Firmware. Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. | 2.7 |
2021-04-29 | CVE-2021-27651 | Improper Authentication vulnerability in Pega Infinity. In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | 9.8 |
2021-04-29 | CVE-2021-20092 | Improper Authentication vulnerability in Buffalo products. The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | 7.5 |