Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-27	CVE-2023-41333	Missing Authentication for Critical Function vulnerability in Cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. low complexity cilium CWE-306	8.1
2023-09-27	CVE-2023-44152	Missing Authentication for Critical Function vulnerability in Acronis Cyber Protect 15 Sensitive information disclosure and manipulation due to improper authentication. network low complexity acronis CWE-306 critical	9.1
2023-09-27	CVE-2023-36851	Missing Authentication for Critical Function vulnerability in Juniper Junos A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. network low complexity juniper CWE-306	5.3
2023-09-25	CVE-2023-43644	Missing Authentication for Critical Function vulnerability in Sagernet Sing-Box Sing-box is an open source proxy system. network low complexity sagernet CWE-306 critical	9.8
2023-09-14	CVE-2023-4516	Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. local low complexity schneider-electric CWE-306	7.8
2023-09-12	CVE-2023-41367	Missing Authentication for Critical Function vulnerability in SAP Netweaver 7.50 Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. network low complexity sap CWE-306	5.3
2023-09-07	CVE-2023-4815	Missing Authentication for Critical Function vulnerability in Answer Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. network low complexity answer CWE-306	8.8
2023-09-05	CVE-2023-31132	Missing Authentication for Critical Function vulnerability in Cacti Cacti is an open source operational monitoring and fault management framework. local low complexity cacti CWE-306	7.8
2023-08-31	CVE-2023-34392	Missing Authentication for Critical Function vulnerability in Selinc Sel-5037 SEL Grid Configurator A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. network low complexity selinc CWE-306	8.8
2023-08-30	CVE-2023-40598	Missing Authentication for Critical Function vulnerability in Splunk In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. network low complexity splunk CWE-306	8.8