Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-13 | CVE-2021-44152 | Missing Authentication for Critical Function vulnerability in Reprisesoftware Reprise License Manager: An issue was discovered in Reprise RLM 14.2. | 9.8 |
2021-12-07 | CVE-2021-34543 | Missing Authentication for Critical Function vulnerability in BKW Solar-Log 500 Firmware: The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. | 7.5 |
2021-11-29 | CVE-2021-38147 | Missing Authentication for Critical Function vulnerability in Wipro Holmes 20.4.1: Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel. | 7.5 |
2021-11-29 | CVE-2021-38283 | Missing Authentication for Critical Function vulnerability in Wipro Holmes 20.4.1: Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. | 7.5 |
2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
2021-11-23 | CVE-2021-42783 | Missing Authentication for Critical Function vulnerability in Dlink Dwr-932C E1 Firmware: Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. | 9.8 |
2021-11-01 | CVE-2021-20136 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.3: ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. | 9.8 |
2021-10-31 | CVE-2021-33259 | Missing Authentication for Critical Function vulnerability in D-Link Dir-868Lw Firmware 1.12B: Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | 5.3 |
2021-10-25 | CVE-2021-37624 | Missing Authentication for Critical Function vulnerability in Freeswitch: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. | 7.5 |
2021-10-22 | CVE-2021-38457 | Missing Authentication for Critical Function vulnerability in Auvesy Versiondog: The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. | 9.8 |