Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2023-27983 Missing Authentication for Critical Function vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory. This would lead to loss of data when an attacker abuses this functionality.
network
low complexity
schneider-electric CWE-306
5.3
2023-03-21 CVE-2023-27980 Missing Authentication for Critical Function vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory. This could lead to remote code execution when a victim eventually opens the report.
network
low complexity
schneider-electric CWE-306
8.8
2023-03-14 CVE-2023-24526 Missing Authentication for Critical Function vulnerability in SAP NetWeaver Application Server Java 7.50
SAP NetWeaver Application Server Java for Classload Service, version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges.
network
low complexity
sap CWE-306
5.3
2023-03-10 CVE-2023-27532 Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420
A vulnerability in the Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.
network
low complexity
veeam CWE-306
7.5
2023-03-03 CVE-2023-27290 Missing Authentication for Critical Function vulnerability in IBM Observability With Instana
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication.
network
low complexity
ibm CWE-306
critical
9.1
2023-03-03 CVE-2022-45551 Missing Authentication for Critical Function vulnerability in ZBT WE1626 Firmware 21.06.18
An issue discovered in the Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via a WGET command to the Network Diagnosis endpoint.
network
low complexity
zbt CWE-306
critical
9.8
2023-02-28 CVE-2023-20857 Missing Authentication for Critical Function vulnerability in VMware Workspace ONE Content 3.20/3.20.1/3.21
VMware Workspace ONE Content contains a passcode bypass vulnerability.
low complexity
vmware CWE-306
6.8
2023-02-27 CVE-2022-45138 Missing Authentication for Critical Function vulnerability in Wago products
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API.
network
low complexity
wago CWE-306
critical
9.8
2023-02-27 CVE-2022-45140 Missing Authentication for Critical Function vulnerability in Wago products
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
network
low complexity
wago CWE-306
critical
9.8
2023-02-20 CVE-2023-23452 Missing Authentication for Critical Function vulnerability in SICK FX0-GPNT00000 Firmware and FX0-GPNT00010 Firmware
Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
network
low complexity
sick CWE-306
critical
9.8