Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-02 | CVE-2020-12017 | Missing Authentication for Critical Function vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. | 9.8 |
| 2020-05-20 | CVE-2020-1955 | Missing Authentication for Critical Function vulnerability in Apache Couchdb 3.0.0 CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. | 9.8 |
| 2020-05-15 | CVE-2019-18666 | Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01 An issue was discovered on D-Link DAP-1360 revision F devices. | 9.8 |
| 2020-05-14 | CVE-2020-12877 | Missing Authentication for Critical Function vulnerability in Veritas Aptare Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | 7.5 |
| 2020-05-12 | CVE-2020-6242 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 9.8 |
| 2020-05-10 | CVE-2020-9315 | Missing Authentication for Critical Function vulnerability in Oracle Iplanet web Server 7.0/7.0.27 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. | 7.5 |
| 2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 7.5 |
| 2020-05-07 | CVE-2020-10973 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. | 7.5 |
| 2020-05-01 | CVE-2020-12117 | Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5 Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. | 5.3 |