Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-28913 Missing Authentication for Critical Function vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase.
network
low complexity
bab-technologie CWE-306
critical
10.0
2021-09-09 CVE-2021-38540 Missing Authentication for Critical Function vulnerability in Apache Airflow
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3.
network
low complexity
apache CWE-306
7.5
2021-09-07 CVE-2021-32800 Missing Authentication for Critical Function vulnerability in Nextcloud
Nextcloud server is an open source, self hosted personal cloud.
network
low complexity
nextcloud CWE-306
6.4
2021-08-25 CVE-2021-33882 Missing Authentication for Critical Function vulnerability in Bbraun Spacecom2
A Missing Authentication for Critical Function vulnerability in B.
network
low complexity
bbraun CWE-306
5.0
2021-08-19 CVE-2021-31868 Missing Authentication for Critical Function vulnerability in Rapid7 Nexpose
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket.
network
low complexity
rapid7 CWE-306
5.5
2021-08-11 CVE-2020-25563 Missing Authentication for Critical Function vulnerability in Sapphireims 5.0
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.
network
low complexity
sapphireims CWE-306
7.5
2021-08-02 CVE-2021-37843 Missing Authentication for Critical Function vulnerability in Atlassian Saml Single Sign ON
The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided).
network
low complexity
atlassian CWE-306
7.5
2021-07-22 CVE-2020-7389 Missing Authentication for Critical Function vulnerability in Sage Syracuse
Sage X3 System CHAINE Variable Script Command Injection.
network
low complexity
sage CWE-306
critical
9.0
2021-07-21 CVE-2020-21936 Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware 1.0.2
An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication.
network
low complexity
motorola CWE-306
5.0
2021-07-21 CVE-2021-22772 Missing Authentication for Critical Function vulnerability in Schneider-Electric T200E Firmware, T200I Firmware and T200P Firmware
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed.
network
low complexity
schneider-electric CWE-306
7.5