Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-36851 Missing Authentication for Critical Function vulnerability in Juniper Junos
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: 21.2 versions prior to 21.2R3-S8; 21.4 versions prior to 21.4R3-S6; 22.1 versions prior to 22.1R3-S5; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S2; 22.4 versions prior to 22.4R2-S2, 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2.
network
low complexity
juniper CWE-306
5.3
2023-09-25 CVE-2023-43644 Missing Authentication for Critical Function vulnerability in Sagernet Sing-Box
Sing-box is an open source proxy system.
network
low complexity
sagernet CWE-306
critical
9.8
2023-09-14 CVE-2023-4516 Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change the update source, potentially leading to remote code execution when the attacker forces an update containing malicious content.
local
low complexity
schneider-electric CWE-306
7.8
2023-09-12 CVE-2023-41367 Missing Authentication for Critical Function vulnerability in SAP Netweaver 7.50
Due to a missing authentication check in the webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures), version 7.50, can anonymously gain access to the admin view of a specific function.
network
low complexity
sap CWE-306
5.3
2023-09-07 CVE-2023-4815 Missing Authentication for Critical Function vulnerability in Answer
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
network
low complexity
answer CWE-306
8.8
2023-09-05 CVE-2023-31132 Missing Authentication for Critical Function vulnerability in Cacti
Cacti is an open source operational monitoring and fault management framework.
local
low complexity
cacti CWE-306
7.8
2023-08-31 CVE-2023-34392 Missing Authentication for Critical Function vulnerability in Selinc Sel-5037 SEL Grid Configurator
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
network
low complexity
selinc CWE-306
8.8
2023-08-30 CVE-2023-40598 Missing Authentication for Critical Function vulnerability in Splunk
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-306
8.8
2023-08-28 CVE-2023-40170 Missing Authentication for Critical Function vulnerability in Jupyter Server
jupyter-server is the backend for Jupyter web applications.
network
low complexity
jupyter CWE-306
6.1
2023-08-28 CVE-2023-38030 Missing Authentication for Critical Function vulnerability in Saho Adm-100 Firmware and Adm-100Fp Firmware
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions.
network
low complexity
saho CWE-306
7.5