Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-26575 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-26576 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-26579 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013 Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | 5.3 |
2023-10-25 | CVE-2023-27256 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.3 |
2023-10-25 | CVE-2023-27257 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-27258 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-27259 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-27261 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 |
2023-10-25 | CVE-2023-27375 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
2023-10-25 | CVE-2023-27376 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |