Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-35936 Missing Authentication for Critical Function vulnerability in Apache Airflow
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default.
network
low complexity
apache CWE-306
5.3
2021-08-11 CVE-2020-25563 Missing Authentication for Critical Function vulnerability in Sapphireims 5.0
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.
network
low complexity
sapphireims CWE-306
critical
9.8
2021-08-11 CVE-2020-25566 Missing Authentication for Critical Function vulnerability in Sapphireims 5.0
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC.
network
low complexity
sapphireims CWE-306
critical
9.8
2021-08-02 CVE-2021-37843 Missing Authentication for Critical Function vulnerability in Atlassian Saml Single Sign on
The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided).
network
low complexity
atlassian CWE-306
critical
9.8
2021-07-29 CVE-2020-36239 Missing Authentication for Critical Function vulnerability in Atlassian Jira Data Center
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability.
network
low complexity
atlassian CWE-306
critical
9.8
2021-07-26 CVE-2021-32794 Missing Authentication for Critical Function vulnerability in Archisteamfarm Project Archisteamfarm
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously.
network
high complexity
archisteamfarm-project CWE-306
7.5
2021-07-21 CVE-2020-21934 Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware 1.0.2
An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed.
network
low complexity
motorola CWE-306
7.5
2021-07-21 CVE-2020-21936 Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware 1.0.2
An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication.
network
low complexity
motorola CWE-306
5.3
2021-07-21 CVE-2021-22772 Missing Authentication for Critical Function vulnerability in Schneider-Electric T200E Firmware, T200I Firmware and T200P Firmware
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed.
network
low complexity
schneider-electric CWE-306
critical
9.8
2021-07-21 CVE-2021-22784 Missing Authentication for Critical Function vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7/1.15.8/1.15.9
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.
network
low complexity
schneider-electric CWE-306
5.7