Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-6223 Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.
network
low complexity
trendmicro CWE-306
critical
9.8
2018-03-09 CVE-2018-0521 Missing Authentication for Critical Function vulnerability in Buffalo Wxr-1900Dhp2 Firmware 2.48
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
low complexity
buffalo CWE-306
8.8
2018-03-09 CVE-2017-10854 Missing Authentication for Critical Function vulnerability in Corega Cg-Wgr 1200 Firmware 2.20
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.
low complexity
corega CWE-306
8.8
2018-03-08 CVE-2014-7271 Missing Authentication for Critical Function vulnerability in multiple products
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
local
low complexity
sddm-project fedoraproject CWE-306
7.8
2018-03-08 CVE-2018-4838 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22).
network
low complexity
siemens CWE-306
7.5
2018-03-01 CVE-2018-2368 Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.8
2018-02-22 CVE-2018-7301 Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication.
network
low complexity
eq-3 CWE-306
critical
9.8
2018-02-15 CVE-2017-12720 Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6
An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.
network
high complexity
smiths-medical CWE-306
8.1
2018-02-08 CVE-2018-0127 Missing Authentication for Critical Function vulnerability in Cisco Rv132W Firmware and Rv134W Firmware
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information.
network
low complexity
cisco CWE-306
critical
9.8
2018-01-09 CVE-2018-2360 Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
network
low complexity
sap CWE-306
7.5