Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-36926 | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.22 Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. | 5.3 |
| 2023-08-08 | CVE-2023-37483 | Missing Authentication for Critical Function vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | 9.8 |
| 2023-08-08 | CVE-2023-39436 | Missing Authentication for Critical Function vulnerability in SAP Supplier Relationship Management SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. | 5.8 |
| 2023-07-20 | CVE-2023-38523 | Missing Authentication for Critical Function vulnerability in Samsung products The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. | 5.3 |
| 2023-07-18 | CVE-2023-36669 | Missing Authentication for Critical Function vulnerability in Kratosdefense NGC Indoor Unit Firmware 9.1.0.4 Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. | 9.8 |
| 2023-07-17 | CVE-2023-37265 | Missing Authentication for Critical Function vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
| 2023-07-11 | CVE-2023-35872 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50 The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. | 6.5 |
| 2023-07-11 | CVE-2023-35873 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50 The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. | 6.5 |
| 2023-07-11 | CVE-2023-35874 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |
| 2023-07-06 | CVE-2023-30643 | Missing Authentication for Critical Function vulnerability in Samsung Android 11.0/12.0/13.0 Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. | 7.1 |