855 matches found

Cvelist
added 2023/04/18 8:49 p.m. | 18 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8 CVSS | 10 AI score | 0.01315 EPSS
Exploits: 0 | References: 1

CVE
added 2023/04/18 8:49 p.m. | 109 views

CVE-2023-29411

CVE-2023-29411 describes a Missing Authentication for Critical Function vulnerability in Schneider Electric’s Easy UPS Online Monitoring Software (Windows APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software). The flaw allows changes to administrative...

9.8 CVSS | 9.9 AI score | 0.01315 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2023/04/17 12:0 a.m. | 3 views

The vulnerability of the SAP Diagnostic Agent lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to compromise confidentiality, integrity, and accessibility of data.

The vulnerability of the SAP Diagnostic Agent relates to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to compromise confidentiality, integrity, and accessibility...

9 CVSS | 6.6 AI score | 0.14201 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/04/11 5:15 p.m. | 4 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8 CVSS | 5.8 AI score | 0.01275 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/04/11 4:6 p.m. | 41 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8 CVSS | 9.7 AI score | 0.01275 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2023/04/04 12:0 a.m. | 3 views

The vulnerability of the Apache OpenMeetings video conferencing software lies in the lack of authentication for a critical function, which allows attackers to elevate their privileges.

The vulnerability of the Apache OpenMeetings video conferencing software lies in the lack of authentication for critical functions. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

10 CVSS | 7.7 AI score | 0.01262 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

ICS
added 2023/04/03 6:20 p.m. | 58 views

Honeywell OneWireless Wireless Device Manager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager WDM Vulnerabilities: Command Injection, Use of Insufficiently Random Values, Missing Authentication for Critical Function 2. RISK EVALUATION...

7.5 CVSS | 8.1 AI score | 0.00527 EPSS
Exploits: 0 | References: 5

OSV
added 2023/03/21 2:15 p.m. | 2 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

5.3 CVSS | 6.1 AI score | 0.00437 EPSS
Exploits: 0 | References: 1

NVD
added 2023/03/21 2:15 p.m. | 12 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

6.5 CVSS | 6.8 AI score | 0.00437 EPSS
Exploits: 0 | References: 1

OSV
added 2023/03/21 6:15 a.m. | 2 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8 CVSS | 7.8 AI score
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/21 12:0 a.m. | 7 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8 CVSS | 8.9 AI score | 0.00881 EPSS
Exploits: 0 | References: 1

CVE
added 2023/03/21 12:0 a.m. | 48 views

CVE-2023-27980

CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...

8.8 CVSS | 8.9 AI score | 0.00881 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2023/03/21 12:0 a.m. | 56 views

CVE-2023-27983

CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...

6.5 CVSS | 5.2 AI score | 0.00437 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

Tenable Nessus
added 2023/03/08 12:0 a.m. | 40 views

Wago Multiple Products Web-based Management Missing Authentication for Critical Function (CVE-2022-45138)

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

9.8 CVSS | 7.2 AI score | 0.0074 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2023/03/03 12:0 a.m. | 3 views

The vulnerability of the MKLogic-500 PLC configuration protocol, related to the lack of authentication for critical functions, allows attackers to alter the device’s operating logic.

The vulnerability of the MKLogic-500 PLC configuration protocol lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to alter the device’s operating logic...

9.6 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2023/02/28 12:0 a.m. | 3 views

The vulnerability in the web-based interface for controlling programmable logic controllers WAGO PFC100/PFC200, CC100, Edge Controller, and sensor panels WAGO Touch Panel 600 allows an intruder to execute arbitrary code.

The vulnerability of the web-based interface for controlling WAGO PFC100/PFC200, CC100, Edge Controller, and WAGO Touch Panel 600 programmable logic controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating...

10 CVSS | 7.4 AI score | 0.0074 EPSS
Exploits: 0 | References: 3

Cvelist
added 2023/02/27 2:36 p.m. | 36 views

CVE-2022-45138 WAGO: Missing Authentication for Critical Function

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

9.8 CVSS | 6.7 AI score | 0.0074 EPSS
Exploits: 0 | References: 1

Prion
added 2023/02/20 11:15 p.m. | 15 views

Authentication flaw

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

7.5 CVSS | 9.8 AI score | 0.01098 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

ATTACKERKB
added 2023/02/19 3:15 p.m. | 1 views

CVE-2023-0919

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

8.1 CVSS | 5.9 AI score | 0.00484 EPSS
Exploits: 1 | References: 4

NVD
added 2023/02/19 3:15 p.m. | 15 views

CVE-2023-0919

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

8.1 CVSS | 8.2 AI score | 0.00484 EPSS
Exploits: 1 | References: 2