Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-11-10 CVE-2020-26821 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
10.0
2020-11-09 CVE-2020-27019 Missing Authentication for Critical Function vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
local
low complexity
trendmicro CWE-306
5.5
2020-11-06 CVE-2020-10291 Missing Authentication for Critical Function vulnerability in Kuka Visual Components Network License Server 2.0.8
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes.
network
low complexity
kuka CWE-306
7.5
2020-11-04 CVE-2020-7128 Missing Authentication for Critical Function vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
network
low complexity
arubanetworks CWE-306
critical
9.8
2020-10-28 CVE-2020-25966 Missing Authentication for Critical Function vulnerability in Sectona Spectra 3.2.0
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication.
network
low complexity
sectona CWE-306
7.5
2020-10-21 CVE-2018-11764 Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0.
network
low complexity
apache CWE-306
8.8
2020-10-20 CVE-2020-7370 Missing Authentication for Critical Function vulnerability in Boltbrowser Bolt Browser
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser.
network
low complexity
boltbrowser CWE-306
4.3
2020-10-20 CVE-2020-7369 Missing Authentication for Critical Function vulnerability in Yandex Browser
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.
network
low complexity
yandex CWE-306
4.3
2020-10-14 CVE-2020-25824 Missing Authentication for Critical Function vulnerability in Telegram Desktop
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard.
low complexity
telegram CWE-306
2.4
2020-10-08 CVE-2020-15243 Missing Authentication for Critical Function vulnerability in Smartstore 4.0.0/4.0.1
Affected versions of Smartstore have a missing WebApi Authentication attribute.
network
low complexity
smartstore CWE-306
critical
9.8