Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-27257 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27258 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27259 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27261 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 |
| 2023-10-25 | CVE-2023-27375 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27376 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-39231 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingone MFA Integration KIT 2.2 PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. | 6.5 |
| 2023-10-25 | CVE-2023-39930 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Radius PCV 3.0.0 A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | 9.8 |
| 2023-10-25 | CVE-2023-41255 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. | 8.8 |
| 2023-10-25 | CVE-2023-45220 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. | 8.8 |