Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-0181 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. | 9.8 |
| 2019-01-08 | CVE-2019-0246 | Missing Authentication for Critical Function vulnerability in SAP Cloud Connector SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
| 2019-01-03 | CVE-2018-18995 | Missing Authentication for Critical Function vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | 9.8 |
| 2019-01-03 | CVE-2018-18264 | Missing Authentication for Critical Function vulnerability in Kubernetes Dashboard Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | 7.5 |
| 2018-12-24 | CVE-2018-19248 | Missing Authentication for Critical Function vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | 9.1 |
| 2018-12-07 | CVE-2018-17924 | Missing Authentication for Critical Function vulnerability in Rockwellautomation products Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. | 8.6 |
| 2018-11-14 | CVE-2018-7357 | Missing Authentication for Critical Function vulnerability in ZTE Zxhn H168N Firmware ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | 8.8 |
| 2018-10-22 | CVE-2018-13114 | Missing Authentication for Critical Function vulnerability in Keruigroup Ypc99 Firmware Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | 9.8 |
| 2018-10-11 | CVE-2018-1745 | Missing Authentication for Critical Function vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. | 7.5 |
| 2018-10-10 | CVE-2018-16758 | Missing Authentication for Critical Function vulnerability in multiple products Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | 5.9 |