152 matches found
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...
F5 BIG-IP 代码问题漏洞
F5 BIG-IP APM Edge Client for Windows is a client-side access control authentication access client application from F5. F5 BIG-IP has a code issue vulnerability that can be exploited by attackers to gain privilege escalation on client Windows systems using a malicious dynamic link library DLL...
Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Use of Client-Side Authentication (CVE-2020-6988)
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim's MicroLogix...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...
CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...
Fresenius Kabi Agilia Connect Infusion System 授权问题漏洞
An authorization issue vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System, an infusion system from the German company Fresenius Kabi, which stems from the product's client-side implementation of only authentication and session management mechanisms. No detailed vulnerabilit...
Fresenius Kabi Agilia Connect Infusion System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials,...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
Default credentials
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This provides remote access to SQL database credentials. In the normal use of the product, retrieving those...
CVE-2022-3218
Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...
CVE-2020-24683
The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...
Authentication flaw
The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...
CVE-2020-24683 Authentication Bypass in Symphony Plus
The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...
CVE-2020-28250
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side...
Siemens SIPORT MP
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability : Use of client-side authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate...
CVE-2020-25251
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...
CVE-2020-25251
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...