Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2021-3339 | Improper Authentication vulnerability in Microsoft Modernflow ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | 4.3 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 5.9 |
| 2021-02-11 | CVE-2020-13185 | Improper Authentication vulnerability in Teradici Cloud Access Connector Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials. | 6.5 |
| 2021-02-09 | CVE-2021-21502 | Improper Authentication vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. | 9.8 |
| 2021-02-09 | CVE-2020-10048 | Improper Authentication vulnerability in Siemens Simatic PCS 7 and Simatic Wincc A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). | 5.5 |
| 2021-02-08 | CVE-2021-26905 | Improper Authentication vulnerability in 1Password Scim Bridge 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | 6.5 |
| 2021-02-05 | CVE-2020-10539 | Improper Authentication vulnerability in Epikur 20.1.0.1 An issue was discovered in Epikur before 20.1.1. | 9.8 |
| 2021-02-03 | CVE-2020-17523 | Improper Authentication vulnerability in Apache Shiro Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
| 2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | 7.5 |
| 2021-02-01 | CVE-2020-15835 | Improper Authentication vulnerability in Mofinetwork Mofi4500-4Gxelte Firmware 4.1.5Std An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. | 9.8 |