Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-02 | CVE-2020-26511 | Improper Authentication vulnerability in Wpo365 Wordpress + Azure AD / Microsoft Office 365 The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. | 7.5 |
| 2020-09-30 | CVE-2018-11765 | Improper Authentication vulnerability in Apache Hadoop In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. | 7.5 |
| 2020-09-29 | CVE-2020-24563 | Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-09-25 | CVE-2020-26105 | Improper Authentication vulnerability in Cpanel In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | 9.8 |
| 2020-09-25 | CVE-2020-26101 | Improper Authentication vulnerability in Cpanel In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | 9.8 |
| 2020-09-23 | CVE-2019-15993 | Improper Authentication vulnerability in Cisco products A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. | 5.3 |
| 2020-09-23 | CVE-2019-16028 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
| 2020-09-18 | CVE-2020-8253 | Improper Authentication vulnerability in Citrix Xenmobile Server Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | 7.5 |
| 2020-09-18 | CVE-2020-8200 | Improper Authentication vulnerability in Citrix Storefront Server Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | 6.5 |
| 2020-09-16 | CVE-2020-7297 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 5.7 |