Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-15605 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 8.1 |
| 2020-08-27 | CVE-2020-15601 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 8.1 |
| 2020-08-27 | CVE-2020-4167 | Improper Authentication vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. | 6.5 |
| 2020-08-26 | CVE-2020-3151 | Improper Authentication vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. | 6.7 |
| 2020-08-26 | CVE-2020-16251 | Improper Authentication vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. | 8.2 |
| 2020-08-24 | CVE-2020-24612 | Improper Authentication vulnerability in Fedoraproject Selinux-Policy 20200824/3.14 An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. | 4.7 |
| 2020-08-24 | CVE-2020-19888 | Improper Authentication vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. | 5.9 |
| 2020-08-21 | CVE-2020-10123 | Improper Authentication vulnerability in NCR Aptra XFS 04.02.01/05.01.00 The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. | 5.3 |
| 2020-08-21 | CVE-2020-16239 | Improper Authentication vulnerability in Philips Suresigns VS4 Firmware A.07.107 Philips SureSigns VS4, A.07.107 and prior. | 4.9 |
| 2020-08-20 | CVE-2020-15149 | Improper Authentication vulnerability in Nodebb NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. | 9.9 |