Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2017-10-04 CVE-2017-12822 Missing Authentication for Critical Function vulnerability in Sentinel LDK RTE Firmware 7.50
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
network
low complexity
sentinel CWE-306
critical
9.9
2017-10-03 CVE-2017-13997 Missing Authentication for Critical Function vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior.
network
low complexity
schneider-electric CWE-306
critical
9.8
2017-09-30 CVE-2017-14350 Missing Authentication for Critical Function vulnerability in HP Application Performance Management 9.26/9.30/9.40
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40.
network
low complexity
hp CWE-306
critical
9.8
2017-09-28 CVE-2017-1483 Missing Authentication for Critical Function vulnerability in IBM products
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-306
8.6
2017-09-13 CVE-2017-14417 Missing Authentication for Critical Function vulnerability in Dlink Dir-850L Firmware
register_send.php on D-Link DIR-850L REV.
network
low complexity
dlink CWE-306
critical
9.8
2017-09-09 CVE-2017-12733 Missing Authentication for Critical Function vulnerability in Opwglobal products
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1.
network
low complexity
opwglobal CWE-306
critical
9.8
2017-08-18 CVE-2017-12440 Missing Authentication for Critical Function vulnerability in Openstack 07132017
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
network
high complexity
openstack CWE-306
7.5
2017-07-28 CVE-2017-4919 Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
network
high complexity
vmware CWE-306
critical
9.0
2017-07-12 CVE-2017-4055 Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.
network
low complexity
mcafee CWE-306
7.5
2017-07-12 CVE-2017-4052 Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.
network
low complexity
mcafee CWE-306
critical
9.8