864 matches found
A vulnerability in the TrueConf Server software stems from missing authentication for a critical function, which allows an attacker to trigger a service failure.
The vulnerability in the TrueConf Server software is caused by missing authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely cause service failures by sending specially crafted requests...
A vulnerability in NGINX Service Mesh, software for providing network connections, allows an attacker to bypass the authentication process.
The vulnerability in NGINX Service Mesh, software for providing network connections, is caused by missing authentication for a critical function. Exploiting this vulnerability allows an attacker to bypass the authentication process...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 This repository consists of the Python exploit...
CVE-2021-33008 AVEVA System Platform Missing Authentication for Critical Function
AVEVA System Platform versions 2017 through 2020 R2 P01 do not perform any authentication for functionality that requires a provable user identity...
Philips e-Alert
1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable from an adjacent network/low attack complexity. Vendor: Philips. Equipment: e-Alert. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an unauthorized actor to...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
CVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2021-22823
CVE-2021-22823 affects Schneider Electric IGSS Interactive Graphical SCADA System Data Collector (dc.exe) on v15.0.0.21320 and earlier. It is a CWE-306 Missing Authentication for Critical Function vulnerability caused by lack of validation of network messages, which could lead to deletion of arbi...
A vulnerability in the graphical interface of the Apache APISIX Dashboard cloud API gateway stems from missing authentication for a critical function, allowing attackers to bypass the authentication process.
The vulnerability in the graphical interface of the Apache APISIX Dashboard cloud API gateway is caused by missing authentication for a critical function. Exploiting this vulnerability could allow an attacker to bypass the authentication process...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...
CVE-2022-22809
CVE-2022-22809 describes a CWE-306 Missing Authentication for Critical Function affecting Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), and fellerLYnk, all with version 2.6.2 and prior. The issue allows unauthorized modification of touch configurations due to missing authentica...
Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10044)
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Controllers Uncaught Exception (CVE-2019-6808)
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. This plugin only works with Tenable.ot...
CVE-2021-26264 Emerson DeltaV Missing Authentication for Critical Function
A specially crafted script could cause the DeltaV Distributed Control System Controllers All Versions to restart and cause a denial-of-service condition...
Non-transferable critical privileged role
Handle: gzeon. Vulnerability details. Impact: DEPLOYER is a constant in Manager and it is the only role that can call setSherlockCoreAddress to change sherlockCore address. Considering this is a critical function and there might be a need to change the deployer address in the future e.g. governance...
Missing Authentication for Critical Function in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
GHSA-3PP3-77J6-8PH6 Missing Authentication for Critical Function in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard
CVE-2021-45232-RCE CVE-2021-45232-RCE – Multi-threaded batch...