Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-06 | CVE-2020-25592 | Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. | 9.8 |
2020-11-05 | CVE-2020-17510 | Improper Authentication vulnerability in multiple products Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
2020-11-05 | CVE-2020-8267 | Improper Authentication vulnerability in UI Unifi Protect Firmware A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier. UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR and UDM-Pro to: UNVR firmware to 1.3.15 or newer; UDM-Pro firmware to 1.8.0 or newer. | 5.3 |
2020-11-05 | CVE-2020-12145 | Improper Authentication vulnerability in Silver-Peak Unity Orchestrator Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. | 9.8 |
2020-11-05 | CVE-2020-15949 | Improper Authentication vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | 7.5 |
2020-11-02 | CVE-2020-8236 | Improper Authentication vulnerability in Nextcloud Server A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | 6.8 |
2020-11-02 | CVE-2020-28002 | Improper Authentication vulnerability in Sonarsource Sonarqube 8.4.2.36762 In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. | 5.3 |
2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu 1.12.0/1.13.0 Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 7.9 |
2020-10-26 | CVE-2020-7197 | Improper Authentication vulnerability in HP Storeserv Management Console 3.4/3.4.1/3.5.0 SSMC3.7.0.0 is vulnerable to remote authentication bypass. | 9.8 |
2020-10-21 | CVE-2020-3565 | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Policies on an affected system. | 5.8 |