Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-01 | CVE-2021-37415 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 |
2021-08-31 | CVE-2021-27668 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault: HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. | 5.3 |
2021-08-25 | CVE-2021-33882 | Missing Authentication for Critical Function vulnerability in Bbraun Spacecom2: A Missing Authentication for Critical Function vulnerability in B. | 8.6 |
2021-08-19 | CVE-2021-31868 | Missing Authentication for Critical Function vulnerability in Rapid7 Nexpose: Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. | 5.4 |
2021-08-16 | CVE-2021-35936 | Missing Authentication for Critical Function vulnerability in Apache Airflow: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. | 5.3 |
2021-08-11 | CVE-2020-25563 | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0: In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | 9.8 |
2021-08-11 | CVE-2020-25566 | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0: In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. | 9.8 |
2021-08-02 | CVE-2021-37843 | Missing Authentication for Critical Function vulnerability in Atlassian Saml Single Sign on: The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). | 9.8 |
2021-07-29 | CVE-2020-36239 | Missing Authentication for Critical Function vulnerability in Atlassian Jira Data Center: Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. | 9.8 |
2021-07-26 | CVE-2021-32794 | Missing Authentication for Critical Function vulnerability in Archisteamfarm Project Archisteamfarm: ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. | 7.5 |