Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-6263 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | 9.8 |
| 2020-06-09 | CVE-2020-12004 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | 7.5 |
| 2020-06-09 | CVE-2020-5589 | Missing Authentication for Critical Function vulnerability in Sony products SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | 8.8 |
| 2020-06-08 | CVE-2020-10754 | Missing Authentication for Critical Function vulnerability in multiple products It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. | 4.3 |
| 2020-06-04 | CVE-2020-13838 | Missing Authentication for Critical Function vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. | 3.5 |
| 2020-06-04 | CVE-2020-13837 | Missing Authentication for Critical Function vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) software. | 3.5 |
| 2020-06-03 | CVE-2020-3333 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. | 5.3 |
| 2020-06-03 | CVE-2020-7115 | Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. | 9.8 |
| 2020-06-02 | CVE-2020-12017 | Missing Authentication for Critical Function vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. | 9.8 |
| 2020-05-20 | CVE-2020-1955 | Missing Authentication for Critical Function vulnerability in Apache Couchdb 3.0.0 CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. | 9.8 |