Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-04 | CVE-2020-24987 | Improper Authentication vulnerability in Tendacn Ac18 Firmware Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | 9.8 |
2020-09-02 | CVE-2020-24029 | Improper Authentication vulnerability in Forlogic Qualiex 1.0/3.0 Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | 9.8 |
2020-09-01 | CVE-2020-5777 | Improper Authentication vulnerability in Magmi Project Magmi MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. | 9.8 |
2020-08-31 | CVE-2020-24786 | Improper Authentication vulnerability in Zohocorp products An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. | 9.8 |
2020-08-30 | CVE-2020-8097 | Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. | 7.8 |
2020-08-27 | CVE-2020-15605 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 8.1 |
2020-08-27 | CVE-2020-15601 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 8.1 |
2020-08-27 | CVE-2020-4167 | Improper Authentication vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. | 6.5 |
2020-08-26 | CVE-2020-3151 | Improper Authentication vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. | 6.7 |
2020-08-26 | CVE-2020-16251 | Improper Authentication vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. | 8.2 |