Lucene search
K

152 matches found

OSV
OSV
added 2022/06/02 10:15 p.m.4 views

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...

7.1CVSS7.4AI score0.00967EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/06/02 10:15 p.m.28 views

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...

8.2CVSS7.3AI score0.00967EPSS
In wildExploits1References4
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.5 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP APM Edge Client for Windows is a client-side access control authentication access client application from F5. F5 BIG-IP has a code issue vulnerability that can be exploited by attackers to gain privilege escalation on client Windows systems using a malicious dynamic link library DLL...

7.8CVSS7.5AI score0.00288EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.29 views

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Use of Client-Side Authentication (CVE-2020-6988)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim's MicroLogix...

7.5CVSS7.1AI score0.03887EPSS
Exploits0References3
NVD
NVD
added 2022/01/21 7:15 p.m.19 views

CVE-2021-23196

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...

9.8CVSS0.00909EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.34 views

CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

7.3CVSS9.8AI score0.00978EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.9 views

CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

7.3CVSS9.6AI score0.00978EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.6 views

Fresenius Kabi Agilia Connect Infusion System 授权问题漏洞

An authorization issue vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System, an infusion system from the German company Fresenius Kabi, which stems from the product's client-side implementation of only authentication and session management mechanisms. No detailed vulnerabilit...

9.8CVSS5.5AI score0.00909EPSS
Exploits0References5
ICS
ICS
added 2021/12/21 12:0 a.m.96 views

Fresenius Kabi Agilia Connect Infusion System (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials,...

9.8CVSS8.7AI score0.0107EPSS
Exploits0References5
OSV
OSV
added 2021/10/05 4:15 p.m.4 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

7.8CVSS7.1AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/05 3:30 p.m.26 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

8AI score0.00227EPSS
Exploits0References1
Prion
Prion
added 2021/07/30 7:15 p.m.14 views

Default credentials

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This provides remote access to SQL database credentials. In the normal use of the product, retrieving those...

5CVSS7.8AI score0.0117EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/25 2:0 p.m.3 views

CVE-2022-3218

Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...

9.8CVSS7.7AI score0.73475EPSS
Exploits5References7Affected Software1
OSV
OSV
added 2020/12/22 10:15 p.m.4 views

CVE-2020-24683

The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...

9.8CVSS5.8AI score0.01411EPSS
Exploits0References1
Prion
Prion
added 2020/12/22 10:15 p.m.24 views

Authentication flaw

The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...

7.5CVSS9.5AI score0.01411EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/12/22 9:19 p.m.28 views

CVE-2020-24683 Authentication Bypass in Symphony Plus

The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...

9.8CVSS9.6AI score0.01411EPSS
Exploits0References1
OSV
OSV
added 2020/11/06 7:15 a.m.5 views

CVE-2020-28250

Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side...

9.8CVSS7.4AI score0.02852EPSS
Exploits1References1
ICS
ICS
added 2020/10/13 12:0 a.m.48 views

Siemens SIPORT MP

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability : Use of client-side authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate...

8.8CVSS9AI score0.01461EPSS
Exploits0References9
OSV
OSV
added 2020/09/11 3:15 a.m.3 views

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...

9.1CVSS7.3AI score0.01216EPSS
Exploits0References1
NVD
NVD
added 2020/09/11 3:15 a.m.21 views

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...

9.1CVSS0.01216EPSS
Exploits0References1
Rows per page
Query Builder