Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-19 | CVE-2019-15654 | Missing Authentication for Critical Function vulnerability in Comba Ac2400 Firmware Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. | 7.5 |
2020-03-19 | CVE-2019-12127 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform 3.0.0/3.0.1/3.0.2 In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 7.5 |
2020-03-19 | CVE-2019-12126 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform 3.0.0/3.0.1/3.0.2 In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 7.5 |
2020-03-19 | CVE-2019-12125 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform 3.0.0/3.0.1/3.0.2 In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 7.5 |
2020-03-19 | CVE-2019-12130 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 10.0 |
2020-03-19 | CVE-2019-12129 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 10.0 |
2020-03-19 | CVE-2019-12128 | Missing Authentication for Critical Function vulnerability in Onap Open Network Automation Platform In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. | 10.0 |
2020-03-17 | CVE-2019-20105 | Missing Authentication for Critical Function vulnerability in Atlassian Application Links The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability. | 4.0 |
2020-03-13 | CVE-2019-13194 | Missing Authentication for Critical Function vulnerability in Brother products Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. | 7.5 |
2020-03-13 | CVE-2020-10079 | Missing Authentication for Critical Function vulnerability in Gitlab GitLab 7.10 through 12.8.1 has Incorrect Access Control. | 5.0 |