Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40834 Improper Restriction of Excessive Authentication Attempts vulnerability in OpenCart 4.0.2.2
OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack against the password parameter.
network
low complexity
opencart CWE-307
critical
9.8
2023-08-28 CVE-2023-26271 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Cloud Key Manager
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2023-08-28 CVE-2022-43904 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.3/11.4
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts.
network
low complexity
ibm CWE-307
7.5
2023-08-24 CVE-2023-40706 Improper Restriction of Excessive Authentication Attempts vulnerability in Opto22 Snap PAC S1 Firmware R10.3B
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b.
network
low complexity
opto22 CWE-307
critical
9.8
2023-08-10 CVE-2023-39958 Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.
network
low complexity
nextcloud CWE-307
5.3
2023-08-08 CVE-2023-21709 Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft Exchange Server 2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-307
critical
9.8
2023-08-03 CVE-2023-3669 Improper Restriction of Excessive Authentication Attempts vulnerability in CODESYS Development System
Missing brute-force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker unlimited attempts at guessing the password within an import dialog.
local
low complexity
codesys CWE-307
3.3
2023-07-25 CVE-2023-3548 Improper Restriction of Excessive Authentication Attempts vulnerability in Johnson Controls IQ Wifi 6 Firmware
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.
network
low complexity
johnsoncontrols CWE-307
critical
9.8
2023-07-19 CVE-2023-32657 Improper Restriction of Excessive Authentication Attempts vulnerability in Weintek Weincloud 0.13.6
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.
network
low complexity
weintek CWE-307
7.5
2023-07-12 CVE-2023-29301 Improper Restriction of Excessive Authentication Attempts vulnerability in Adobe ColdFusion 2018/2021/2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-307
7.5