Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2019-1629 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. | 5.3 |
| 2019-06-19 | CVE-2019-12890 | Missing Authentication for Critical Function vulnerability in Redwoodhq 2.0/2.5.5 RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | 9.8 |
| 2019-06-12 | CVE-2019-0312 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. | 5.3 |
| 2019-06-12 | CVE-2017-15123 | Missing Authentication for Critical Function vulnerability in Redhat Cloudforms Management Engine A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. | 5.3 |
| 2019-06-11 | CVE-2019-3411 | Missing Authentication for Critical Function vulnerability in ZTE Mf920 Firmware All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. | 7.5 |
| 2019-06-10 | CVE-2019-9881 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | 5.3 |
| 2019-06-10 | CVE-2019-9880 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. | 9.1 |
| 2019-06-10 | CVE-2019-9879 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. | 9.8 |
| 2019-06-06 | CVE-2019-6451 | Missing Authentication for Critical Function vulnerability in Soyal Ar-727H Firmware and Ar-829Ev5 Firmware On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. | 7.5 |
| 2019-05-31 | CVE-2019-9105 | Missing Authentication for Critical Function vulnerability in Saet Tebe Small Firmware and Webapp The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. | 7.5 |