Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-1955 Missing Authentication for Critical Function vulnerability in Apache Couchdb 3.0.0
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`.
network
low complexity
apache CWE-306
critical
 9.8
9.8
2020-05-15 CVE-2019-18666 Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01
An issue was discovered on D-Link DAP-1360 revision F devices.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2020-05-14 CVE-2020-12877 Missing Authentication for Critical Function vulnerability in Veritas Aptare
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.
network
low complexity
veritas CWE-306
7.5
7.5
2020-05-12 CVE-2020-6242 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
 9.8
9.8
2020-05-10 CVE-2020-9315 Missing Authentication for Critical Function vulnerability in Oracle Iplanet web Server 7.0/7.0.27
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys.
network
low complexity
oracle CWE-306
7.5
7.5
2020-05-08 CVE-2020-12720 Missing Authentication for Critical Function vulnerability in Vbulletin
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
network
low complexity
vbulletin CWE-306
critical
 9.8
9.8
2020-05-07 CVE-2020-10974 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password.
network
low complexity
wavlink CWE-306
7.5
7.5
2020-05-07 CVE-2020-10973 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password.
network
low complexity
wavlink CWE-306
7.5
7.5
2020-05-01 CVE-2020-12117 Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800.
network
low complexity
moxa CWE-306
5.3
5.3
2020-04-30 CVE-2020-11028 Missing Authentication for Critical Function vulnerability in multiple products
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.
network
low complexity
wordpress debian CWE-306
7.5
7.5