849 matches found
CVE-2023-34392 Missing Authentication for Critical Function
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
VulnCheck KEV: CVE-2023-36851
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...
VulnCheck KEV: CVE-2023-36846
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...
VulnCheck KEV: CVE-2023-36847
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...
CVE-2023-38422 Walchem Intuition Missing Authentication for Critical Function
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may...
CVE-2023-36847
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...
The vulnerability of the Runtime Workbench component of the SAP NetWeaver Process Integration software, which allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the Runtime Workbench RWB component of the SAP NetWeaver Process Integration software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to compromise the confidentiality and accessibility of protected information...
Walchem Intuition 9
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit IDU before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit TPU within the IDU by sending crafte...
The vulnerability of the microprogrammed software of the programmable logic controller LS ELECTRIC XBC-DN32U lies in the lack of authentication for a critical function, allowing an intruder to delete arbitrary files.
The vulnerability of the microprogrammed logic controller LS ELECTRIC XBC-DN32U lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to delete arbitrary files...
CVE-2023-31196
Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM v1.05B04 and earlier, AC-PD-WAPU-P v1.05B04P...
CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
Authentication flaw
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2022-4240 Unauthenticated API allowing an attacker to obtain the information about network resources
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2022-4240
Honeywell OneWireless is affected by CVE-2022-4240 (Missing Authentication for Critical Function), enabling an authentication bypass. The issue affects OneWireless version 322.1. Red Hat and other feeds reference an unauthenticated API exposing network-resource information and note mitigation via...
PT-2023-3039 · Honeywell · Honeywell Onewireless
Name of the Vulnerable Software and Affected Versions: Honeywell OneWireless version 322.1 Description: The issue is related to a Missing Authentication for Critical Function vulnerability in Honeywell OneWireless, which allows Authentication Bypass. This can enable a remote attacker to elevate...
Authentication flaw
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...
CVE-2023-1837
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...