Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-25 | CVE-2022-35871 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition 8.1.15 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). | 7.8 |
| 2022-07-22 | CVE-2021-36200 | Missing Authentication for Critical Function vulnerability in Johnsoncontrols products Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users. | 5.3 |
| 2022-07-22 | CVE-2022-2138 | Missing Authentication for Critical Function vulnerability in Advantech Iview The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | 7.5 |
| 2022-07-21 | CVE-2022-34767 | Missing Authentication for Critical Function vulnerability in Allnet All-Wr0500Ac Firmware Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability – the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. | 9.8 |
| 2022-07-21 | CVE-2022-20857 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-07-21 | CVE-2022-20858 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-07-20 | CVE-2022-2141 | Missing Authentication for Critical Function vulnerability in Micodus Mv720 Firmware SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | 9.8 |
| 2022-07-17 | CVE-2022-28809 | Missing Authentication for Critical Function vulnerability in Opendesign Drawings SDK An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. | 7.8 |
| 2022-07-17 | CVE-2022-31260 | Missing Authentication for Critical Function vulnerability in Montala Resourcespace In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. | 6.5 |
| 2022-07-16 | CVE-2021-34538 | Missing Authentication for Critical Function vulnerability in Apache Hive Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. | 7.5 |