Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-4771 | Improper Authentication vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. | 5.3 |
| 2020-11-23 | CVE-2020-1778 | Improper Authentication vulnerability in Otrs When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. | 4.3 |
| 2020-11-23 | CVE-2019-14553 | Improper Authentication vulnerability in Tianocore Edk2 Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | 4.9 |
| 2020-11-19 | CVE-2020-9049 | Improper Authentication vulnerability in Johnsoncontrols C-Cure web and Victor web A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. | 5.3 |
| 2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
| 2020-11-17 | CVE-2020-27558 | Improper Authentication vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | 6.5 |
| 2020-11-16 | CVE-2020-8272 | Improper Authentication vulnerability in Citrix Sd-Wan Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 7.5 |
| 2020-11-16 | CVE-2019-19562 | Improper Authentication vulnerability in Harman Hermes 2.1 An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-16 | CVE-2019-19560 | Improper Authentication vulnerability in Harman Hermes 1.5 An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-13 | CVE-2020-28638 | Improper Authentication vulnerability in Dyne Tomb ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | 9.8 |