Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-27376 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-39231 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingone MFA Integration KIT 2.2 PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. | 6.5 |
| 2023-10-25 | CVE-2023-39930 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Radius PCV 3.0.0 A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | 9.8 |
| 2023-10-25 | CVE-2023-41255 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. | 8.8 |
| 2023-10-25 | CVE-2023-45220 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. | 8.8 |
| 2023-10-25 | CVE-2023-45851 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device | 8.8 |
| 2023-10-23 | CVE-2023-43045 | Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. | 7.5 |
| 2023-10-11 | CVE-2023-44116 | Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 |
| 2023-10-09 | CVE-2023-43271 | Missing Authentication for Critical Function vulnerability in 70Mai A500S Firmware 1.2.119 Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 9.1 |
| 2023-10-03 | CVE-2023-4884 | Missing Authentication for Critical Function vulnerability in Open5Gs An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | 7.5 |