Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-6242 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 9.8 |
| 2020-05-10 | CVE-2020-9315 | Missing Authentication for Critical Function vulnerability in Oracle Iplanet web Server 7.0/7.0.27 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. | 7.5 |
| 2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 7.5 |
| 2020-05-07 | CVE-2020-10973 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. | 7.5 |
| 2020-05-01 | CVE-2020-12117 | Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5 Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. | 5.3 |
| 2020-04-30 | CVE-2020-11028 | Missing Authentication for Critical Function vulnerability in multiple products In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | 7.5 |
| 2020-04-29 | CVE-2019-5620 | Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada PRO Sys600 9.3 ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. | 9.8 |
| 2020-04-29 | CVE-2020-12478 | Missing Authentication for Critical Function vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | 7.5 |
| 2020-04-28 | CVE-2020-10641 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. | 7.5 |