Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-11	CVE-2023-27267	Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720 Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. network high complexity sap CWE-306	8.1
2023-04-11	CVE-2023-27497	Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720 Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. network low complexity sap CWE-306 critical	9.8
2023-04-11	CVE-2023-28761	Missing Authentication for Critical Function vulnerability in SAP Netweaver Enterprise Portal 7.50 In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity. network low complexity sap CWE-306	6.5
2023-03-29	CVE-2020-14140	Missing Authentication for Critical Function vulnerability in MI Xiaomi Router Firmware When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. network low complexity mi CWE-306	7.5
2023-03-29	CVE-2022-27645	Missing Authentication for Critical Function vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. low complexity netgear CWE-306	8.8
2023-03-29	CVE-2022-36983	Missing Authentication for Critical Function vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. network low complexity ivanti CWE-306 critical	9.8
2023-03-28	CVE-2023-28326	Missing Authentication for Critical Function vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room network low complexity apache CWE-306 critical	9.8
2023-03-27	CVE-2022-48291	Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos The Bluetooth module has an authentication bypass vulnerability in the pairing process. low complexity huawei CWE-306	6.5
2023-03-27	CVE-2023-1140	Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. network low complexity deltaww CWE-306 critical	9.8
2023-03-23	CVE-2023-28470	Missing Authentication for Critical Function vulnerability in Couchbase Server In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. network low complexity couchbase CWE-306	5.3