Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-11-27 CVE-2020-29138 Missing Authentication for Critical Function vulnerability in Sagemcom F@St 3486 Router Firmware 4.109.0
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
network
low complexity
sagemcom CWE-306
5.3
5.3
2020-11-24 CVE-2020-29058 Missing Authentication for Critical Function vulnerability in Cdatatec products
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.
network
low complexity
cdatatec CWE-306
critical
 9.8
9.8
2020-11-23 CVE-2020-27985 Missing Authentication for Critical Function vulnerability in Securityonionsolutions Security Onion
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
local
low complexity
securityonionsolutions CWE-306
7.8
7.8
2020-11-18 CVE-2020-3531 Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2020-11-18 CVE-2020-3392 Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
network
low complexity
cisco CWE-306
7.5
7.5
2020-11-10 CVE-2020-26824 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
 10.0
10
2020-11-10 CVE-2020-26823 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
 10.0
10
2020-11-10 CVE-2020-26822 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
 10.0
10
2020-11-10 CVE-2020-26821 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
 10.0
10
2020-11-09 CVE-2020-27019 Missing Authentication for Critical Function vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
local
low complexity
trendmicro CWE-306
5.5
5.5