Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-5910 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Expedition
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment.
network
low complexity
paloaltonetworks CWE-306
critical
 9.8
9.8
2024-06-27 CVE-2024-31916 Missing Authentication for Critical Function vulnerability in IBM Openbmc
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels.
network
low complexity
ibm CWE-306
7.5
7.5
2024-06-14 CVE-2024-37368 Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE.
network
low complexity
rockwellautomation CWE-306
7.5
7.5
2024-06-13 CVE-2024-5947 Missing Authentication for Critical Function vulnerability in Deepseaelectronics Dse855 Firmware 1.1.0
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability.
low complexity
deepseaelectronics CWE-306
6.5
6.5
2024-06-13 CVE-2024-5951 Missing Authentication for Critical Function vulnerability in Deepseaelectronics Dse855 Firmware 1.1.0
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.
low complexity
deepseaelectronics CWE-306
6.5
6.5
2024-06-13 CVE-2024-5952 Missing Authentication for Critical Function vulnerability in Deepseaelectronics Dse855 Firmware 1.1.0
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability.
low complexity
deepseaelectronics CWE-306
6.5
6.5
2024-06-13 CVE-2024-38279 Missing Authentication for Critical Function vulnerability in Motorola Vigilant Fixed LPR Coms BOX Firmware
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
low complexity
motorola CWE-306
4.6
4.6
2024-06-11 CVE-2024-2013 Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
network
low complexity
hitachienergy CWE-306
critical
 10.0
10
2024-06-06 CVE-2024-22326 Missing Authentication for Critical Function vulnerability in IBM Ds8900F Firmware
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.
network
low complexity
ibm CWE-306
6.3
6.3
2024-06-06 CVE-2024-37152 Missing Authentication for Critical Function vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-306
7.5
7.5