Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-4838 | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). | 5.0 |
| 2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 7.5 |
| 2018-02-22 | CVE-2018-7301 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. | 7.5 |
| 2018-02-15 | CVE-2017-12720 | Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |
| 2018-02-08 | CVE-2018-0127 | Missing Authentication for Critical Function vulnerability in Cisco Rv132W Firmware and Rv134W Firmware A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. | 5.0 |
| 2018-01-09 | CVE-2018-2360 | Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52 SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | 5.0 |
| 2017-12-31 | CVE-2017-18001 | Missing Authentication for Critical Function vulnerability in Trustwave Secure web Gateway 11.8.0.27 Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | 10.0 |
| 2017-12-20 | CVE-2017-17747 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0 Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | 2.7 |
| 2017-12-20 | CVE-2017-17746 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0 Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. | 7.7 |
| 2017-12-12 | CVE-2017-12155 | Missing Authentication for Critical Function vulnerability in Ceph A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. | 3.3 |