Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-24 | CVE-2017-1523 | Missing Authentication for Critical Function vulnerability in IBM Infosphere Master Data Management 11.5 IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. | 7.5 |
| 2017-10-10 | CVE-2017-5637 | Missing Authentication for Critical Function vulnerability in multiple products Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. | 7.5 |
| 2017-10-04 | CVE-2017-12822 | Missing Authentication for Critical Function vulnerability in Sentinel LDK RTE Firmware 7.50 Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | 9.9 |
| 2017-10-03 | CVE-2017-13997 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. | 9.8 |
| 2017-09-30 | CVE-2017-14350 | Missing Authentication for Critical Function vulnerability in HP Application Performance Management 9.26/9.30/9.40 A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. | 9.8 |
| 2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.6 |
| 2017-09-13 | CVE-2017-14417 | Missing Authentication for Critical Function vulnerability in Dlink Dir-850L Firmware register_send.php on D-Link DIR-850L REV. | 9.8 |
| 2017-09-09 | CVE-2017-12733 | Missing Authentication for Critical Function vulnerability in Opwglobal products A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. | 9.8 |
| 2017-08-18 | CVE-2017-12440 | Missing Authentication for Critical Function vulnerability in Openstack 07132017 Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | 7.5 |
| 2017-07-28 | CVE-2017-4919 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5 VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | 9.0 |