Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2020-19111 | Improper Authentication vulnerability in Projectworlds Online Book Store Project in PHP 1.0 Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | 9.8 |
| 2021-05-06 | CVE-2021-1468 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. | 9.8 |
| 2021-05-06 | CVE-2021-31245 | Improper Authentication vulnerability in Openmptcprouter 0.57.3 omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack. | 5.9 |
| 2021-04-30 | CVE-2021-21544 | Improper Authentication vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. | 2.7 |
| 2021-04-29 | CVE-2021-27651 | Improper Authentication vulnerability in Pega Infinity In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | 9.8 |
| 2021-04-29 | CVE-2021-20092 | Improper Authentication vulnerability in Buffalo products The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | 7.5 |
| 2021-04-28 | CVE-2021-25147 | Improper Authentication vulnerability in Arubanetworks Airwave A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | 8.1 |
| 2021-04-28 | CVE-2020-21991 | Improper Authentication vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. | 9.8 |
| 2021-04-26 | CVE-2021-23365 | Improper Authentication vulnerability in TYK Tyk-Identity-Broker The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. | 9.1 |
| 2021-04-22 | CVE-2021-20590 | Improper Authentication vulnerability in Mitsubishielectric products Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used. | 7.5 |