Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-45851 | Missing Authentication for Critical Function vulnerability in Boschrexroth products The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device | 8.8 |
| 2023-10-23 | CVE-2023-43045 | Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. | 7.5 |
| 2023-10-11 | CVE-2023-44116 | Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 |
| 2023-10-09 | CVE-2023-43271 | Missing Authentication for Critical Function vulnerability in 70Mai A500S Firmware 1.2.119 Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 9.1 |
| 2023-10-03 | CVE-2023-4884 | Missing Authentication for Critical Function vulnerability in Open5Gs An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | 7.5 |
| 2023-09-27 | CVE-2023-36851 | Missing Authentication for Critical Function vulnerability in Juniper Junos A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. | 5.3 |
| 2023-09-19 | CVE-2023-42793 | Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |
| 2023-08-31 | CVE-2023-34392 | Missing Authentication for Critical Function vulnerability in Selinc Sel-5037 SEL Grid Configurator A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 8.8 |
| 2023-08-30 | CVE-2023-40598 | Missing Authentication for Critical Function vulnerability in Splunk In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. | 8.8 |
| 2023-08-15 | CVE-2023-4334 | Missing Authentication for Critical Function vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | 7.5 |