Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-22 | CVE-2024-1104 | An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. | 7.5 |
2024-02-09 | CVE-2023-45190 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2024-02-09 | CVE-2023-45191 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2024-02-02 | CVE-2023-38273 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2024-02-02 | CVE-2023-50326 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2024-01-25 | CVE-2023-33759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 9.8 |
2024-01-22 | CVE-2022-45790 | Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products The Omron FINS protocol has an authenticated feature to prevent access to memory regions. | 9.1 |
2024-01-18 | CVE-2024-22317 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM APP Connect Enterprise IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. | 9.1 |
2024-01-11 | CVE-2023-50123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hozard Alarm System 1.0 The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. | 8.1 |
2024-01-10 | CVE-2023-49810 | Improper Restriction of Excessive Authentication Attempts vulnerability in Wwbn Avideo 15Fed957Fb A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |