Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2020-09-11 CVE-2020-25251 Improper Authentication vulnerability in Hyland Onbase
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below.
network
low complexity
hyland CWE-287
critical
9.1
2020-09-09 CVE-2020-7323 Improper Authentication vulnerability in Mcafee Endpoint Security
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges.
high complexity
mcafee CWE-287
6.9
2020-09-04 CVE-2020-24987 Improper Authentication vulnerability in Tendacn Ac18 Firmware
Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius".
network
low complexity
tendacn CWE-287
critical
9.8
2020-09-02 CVE-2020-24029 Improper Authentication vulnerability in Forlogic Qualiex 1.0/3.0
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.
network
low complexity
forlogic CWE-287
critical
9.8
2020-09-01 CVE-2020-5777 Improper Authentication vulnerability in Magmi Project Magmi
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
network
low complexity
magmi-project CWE-287
critical
9.8
2020-08-31 CVE-2020-24786 Improper Authentication vulnerability in Zohocorp products
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166.
network
low complexity
zohocorp CWE-287
critical
9.8
2020-08-30 CVE-2020-8097 Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings.
local
low complexity
bitdefender CWE-287
7.8
2020-08-27 CVE-2020-15605 Improper Authentication vulnerability in Trendmicro Deep Security Manager and Vulnerability Protection
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication.
network
high complexity
trendmicro CWE-287
8.1
2020-08-27 CVE-2020-15601 Improper Authentication vulnerability in Trendmicro Deep Security Manager and Vulnerability Protection
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication.
network
high complexity
trendmicro CWE-287
8.1
2020-08-27 CVE-2020-4167 Improper Authentication vulnerability in IBM Security Guardium Insights 2.0.1
IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms.
network
low complexity
ibm CWE-287
6.5