Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-39231 Missing Authentication for Critical Function vulnerability in Pingidentity Pingone MFA Integration KIT 2.2
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device.
network
low complexity
pingidentity CWE-306
6.5
2023-10-25 CVE-2023-39930 Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Radius PCV 3.0.0
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
network
low complexity
pingidentity CWE-306
critical
9.8
2023-10-25 CVE-2023-41255 Missing Authentication for Critical Function vulnerability in Boschrexroth products
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
low complexity
boschrexroth CWE-306
8.8
2023-10-25 CVE-2023-45220 Missing Authentication for Critical Function vulnerability in Boschrexroth products
The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.
low complexity
boschrexroth CWE-306
8.8
2023-10-25 CVE-2023-45851 Missing Authentication for Critical Function vulnerability in Boschrexroth products
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.  This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
low complexity
boschrexroth CWE-306
8.8
2023-10-23 CVE-2023-43045 Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication.
network
low complexity
ibm CWE-306
7.5
2023-10-11 CVE-2023-44116 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.
network
low complexity
huawei CWE-306
critical
9.8
2023-10-09 CVE-2023-43271 Missing Authentication for Critical Function vulnerability in 70Mai A500S Firmware 1.2.119
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.
network
low complexity
70mai CWE-306
critical
9.1
2023-10-03 CVE-2023-4884 Missing Authentication for Critical Function vulnerability in Open5Gs
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
network
low complexity
open5gs CWE-306
7.5
2023-09-27 CVE-2023-36851 Missing Authentication for Critical Function vulnerability in Juniper Junos
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.
network
low complexity
juniper CWE-306
5.3