Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu 1.12.0/1.13.0 Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 7.9 |
| 2020-10-26 | CVE-2020-7197 | Improper Authentication vulnerability in HP Storeserv Management Console 3.4/3.4.1/3.5.0 SSMC3.7.0.0 is vulnerable to remote authentication bypass. | 9.8 |
| 2020-10-21 | CVE-2020-3565 | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. | 5.8 |
| 2020-10-21 | CVE-2020-3410 | Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.6.0/6.6.0.1 A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. | 8.1 |
| 2020-10-19 | CVE-2020-24629 | Improper Authentication vulnerability in HP Intelligent Management Center A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
| 2020-10-16 | CVE-2020-14299 | Improper Authentication vulnerability in Redhat products A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. | 6.5 |
| 2020-10-14 | CVE-2020-8350 | Improper Authentication vulnerability in Lenovo Thinkpad Stack Wireless Router Firmware 1.1.3.4 An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | 8.8 |
| 2020-10-12 | CVE-2020-9109 | Improper Authentication vulnerability in Huawei products There is an information disclosure vulnerability in several smartphones. | 4.6 |
| 2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
| 2020-10-09 | CVE-2020-26921 | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |