Lucene search

864 matches found

Github Security Blog
added 2021/06/29 5:23 p.m., 61 views

Missing Authentication for Critical Function

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versio...

CVSS 4.9 | AI score 4.1 | EPSS 0.00626
Exploits: 0 | References: 4 | Affected Software: 1
Packet Storm
added 2021/06/15 12:0 a.m., 324 views

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication. Impact on Business: A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...

CVSS 9 | AI score 0.4 | EPSS 0.04708
Exploits: 1
OSV
added 2021/06/03 4:15 p.m., 4 views

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

CVSS 6.8 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1
OSV
added 2021/06/03 4:15 p.m., 4 views

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVSS 7.5 | AI score 7.1 | EPSS 0.00728
Exploits: 0 | References: 1
Prion
added 2021/06/03 4:15 p.m., 23 views

Authentication flaw

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVSS 5 | AI score 7.6 | EPSS 0.00728
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2021/06/03 3:49 p.m., 61 views

CVE-2021-22322

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5 | AI score 7.5 | EPSS 0.00728
Exploits: 0 | References: 1 | Affected Software: 2
GitLab Advisory Database
added 2021/04/27 12:0 a.m., 28 views

Missing Authentication for Critical Function

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the...

CVSS 8.6 | AI score 2.3 | EPSS 0.64697
Exploits: 2 | References: 1 | Affected Software: 1
OSV
added 2021/04/26 1:15 a.m., 5 views

CVE-2021-20697

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors...

CVSS 9.8 | AI score 6.7
Exploits: 0 | References: 2
BDU FSTEC
added 2021/04/14 12:0 a.m., 3 views

The vulnerability in the firmware of the Siemens LOGO!8 BM programmable logic controller lies in the lack of authentication for a critical function, allowing an intruder to gain unauthorized access to protected information.

The vulnerability in the firmware of the Siemens LOGO!8 BM programmable logic controller is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

CVSS 9.4 | AI score 7.7 | EPSS 0.0199
Exploits: 0 | References: 3
GithubExploit
added 2021/03/03 3:1 a.m., 49 views

Exploit for Path Traversal in Vmware Cloud_Foundation

cve-2021-21972 Usage Instructions p...

CVSS 10 | AI score 7.5 | EPSS 0.9957
Exploits: 47
Zero Day Initiative
added 2021/02/26 12:0 a.m., 35 views

(Pwn2Own) NETGEAR R7800 funjsq_httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack of authentication required ...

CVSS 6.3 | AI score 2.7 | EPSS 0.01262
Exploits: 0 | References: 1
Prion
added 2021/02/24 12:15 p.m., 15 views

Authentication flaw

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors...

CVSS 5 | AI score 7.9 | EPSS 0.02093
Exploits: 0 | References: 3 | Affected Software: 1
ICS
added 2021/01/28 12:0 a.m., 49 views

Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels

1. EXECUTIVE SUMMARY: CVSS v3 8.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this...

CVSS 9.8 | AI score 9.9 | EPSS 0.05176
Exploits: 0 | References: 9
Cvelist
added 2021/01/26 7:44 p.m., 20 views

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability. The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a...

AI score 8 | EPSS 0.00331
Exploits: 0 | References: 2
CNVD
added 2021/01/13 12:0 a.m., 2 views

Scalance X Products Critical Function Authentication Missing Vulnerability

SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). The Scalance X Products Critical Function Authentication Missing vulnerability can be exploited by an attacker to reboot the device over a network...

CVSS 7.1 | AI score 6.9 | EPSS 0.0108
Exploits: 0 | References: 1
ICS
added 2021/01/12 12:0 a.m., 102 views

Siemens SCALANCE X Products (Update B)

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: SCALANCE X Products. Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the...

CVSS 9.8 | AI score 9.3 | EPSS 0.01652
Exploits: 0 | References: 11
BDU FSTEC
added 2020/12/15 12:0 a.m., 5 views

The vulnerability in the HiSilicon Hi3520D chipset firmware lies in the lack of authentication for a critical function, allowing attackers to trigger a service failure or execute arbitrary code.

The vulnerability in the HiSilicon Hi3520D chipset firmware is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker to trigger a service failure or execute arbitrary code...

CVSS 10 | AI score 8.1 | EPSS 0.38961
Exploits: 5 | References: 6
CVE
added 2020/12/11 12:52 a.m., 81 views

CVE-2020-7540

CVE-2020-7540 affects Schneider Electric Modicon Web Server components on Modicon M340, and legacy Modicon Quantum and Premium, plus associated communication modules. The root cause is CWE-306 Missing Authentication for Critical Function, enabling unauthenticated command execution via specially c...

CVSS 9.8 | AI score 9.7 | EPSS 0.02144
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/11/19 10:15 p.m., 5 views

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 9.8 | AI score 7.4 | EPSS 0.03032
Exploits: 0 | References: 2
Prion
added 2020/11/19 10:15 p.m., 20 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 7.5 | AI score 9.4 | EPSS 0.03032
Exploits: 0 | References: 2 | Affected Software: 1