Vulnerabilities > Missing Authentication for Critical Function

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-08-11 | CVE-2020-25566 | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0 | In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. | network | low | sapphireims | CWE-306 | critical (9.8) |
| 2021-08-02 | CVE-2021-37843 | Missing Authentication for Critical Function vulnerability in Atlassian Saml Single Sign on | The resolution SAML SSO apps for Atlassian products allow a remote attacker to log in to a user account when only the username is known (i.e., no other authentication is provided). | network | low | atlassian | CWE-306 | critical (9.8) |
| 2021-07-29 | CVE-2020-36239 | Missing Authentication for Critical Function vulnerability in Atlassian Jira Data Center | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. | network | low | atlassian | CWE-306 | critical (9.8) |
| 2021-07-26 | CVE-2021-32794 | Missing Authentication for Critical Function vulnerability in Archisteamfarm Project Archisteamfarm | ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. | network | high | archisteamfarm-project | CWE-306 | 7.5 |
| 2021-07-21 | CVE-2020-21934 | Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware 1.0.2 | An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. | network | low | motorola | CWE-306 | 7.5 |
| 2021-07-21 | CVE-2020-21936 | Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware 1.0.2 | An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. | network | low | motorola | CWE-306 | 5.3 |
| 2021-07-21 | CVE-2021-22772 | Missing Authentication for Critical Function vulnerability in Schneider-Electric T200E Firmware, T200I Firmware and T200P Firmware | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed. | network | low | schneider-electric | CWE-306 | critical (9.8) |
| 2021-07-07 | CVE-2021-20474 | Missing Authentication for Critical Function vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | network | low | ibm | CWE-306 | 7.5 |
| 2021-07-07 | CVE-2021-33221 | Missing Authentication for Critical Function vulnerability in Commscope Ruckus IOT Controller 1.7.1.0 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. | network | low | commscope | CWE-306 | critical (9.8) |
| 2021-07-07 | CVE-2021-34621 | Missing Authentication for Critical Function vulnerability in Properfraction Profilepress | A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. | network | low | properfraction | CWE-306 | critical (9.8) |