Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
| 2020-10-09 | CVE-2020-26921 | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
| 2020-10-08 | CVE-2020-10816 | Improper Authentication vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | 7.5 |
| 2020-10-07 | CVE-2020-25867 | Improper Authentication vulnerability in Soplanning SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. | 5.3 |
| 2020-10-02 | CVE-2020-12126 | Improper Authentication vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | 9.8 |
| 2020-10-02 | CVE-2020-26511 | Improper Authentication vulnerability in Wpo365 Wordpress + Azure AD / Microsoft Office 365 The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. | 7.5 |
| 2020-09-30 | CVE-2018-11765 | Improper Authentication vulnerability in Apache Hadoop In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. | 7.5 |
| 2020-09-29 | CVE-2020-24563 | Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-09-25 | CVE-2020-26105 | Improper Authentication vulnerability in Cpanel In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | 9.8 |
| 2020-09-25 | CVE-2020-26101 | Improper Authentication vulnerability in Cpanel In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | 9.8 |