Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-25031 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Storage Defender 2.0.0/2.0.4 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. | 6.5 |
| 2024-06-24 | CVE-2024-5862 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. | 7.5 |
| 2024-06-11 | CVE-2024-28022 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | 6.5 |
| 2024-06-10 | CVE-2024-35747 | Improper Restriction of Excessive Authentication Attempts vulnerability in Contact Form Builder Project Contact Form Builder Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | 5.3 |
| 2024-06-10 | CVE-2024-28833 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0 Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | 7.5 |
| 2024-06-06 | CVE-2024-3102 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. | 5.3 |
| 2024-02-22 | CVE-2024-1104 | An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. | 7.5 |
| 2024-02-09 | CVE-2023-45190 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
| 2024-02-09 | CVE-2023-45191 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2024-02-02 | CVE-2023-38273 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |