2927 matches found

Japan Vulnerability Notes
added 2023/03/31 12:0 a.m. | 48 views

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

9.8 CVSS | 8.7 AI score | 0.95707 EPSS
Exploits: 7

ICS
added 2023/03/29 6:39 p.m. | 72 views

Akuvox E11

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Akuvox Equipment: E11 Vulnerabilities: Generation of Predictable IV with CBC, Use of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable...

9.8 CVSS | 8.8 AI score | 0.01386 EPSS
Exploits: 0 | References: 5

CNNVD
added 2023/03/29 12:0 a.m. | 4 views

Ivanti Avalanche Access Control Error Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.3.101 suffers from an Access Control Error vulnerability that stems from a lack of...

9.8 CVSS | 7.7 AI score | 0.0469 EPSS
Exploits: 0 | References: 3

0day.today
added 2023/03/28 12:0 a.m. | 322 views

ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability

Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...

7.5 CVSS | 7.6 AI score | 0.04834 EPSS
Exploits: 5

Exploit DB
added 2023/03/28 12:0 a.m. | 283 views

ZKTeco ZEM/ZMM 8.88 - Missing Authentication

Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...

7.5 CVSS | 7.6 AI score | 0.04834 EPSS
Exploits: 5

OSV
added 2023/03/21 2:15 p.m. | 2 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

5.3 CVSS | 6.1 AI score | 0.00437 EPSS
Exploits: 0 | References: 1

NVD
added 2023/03/21 2:15 p.m. | 9 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

6.5 CVSS | 6.8 AI score | 0.00437 EPSS
Exploits: 0 | References: 1

OSV
added 2023/03/21 6:15 a.m. | 2 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8 CVSS | 7.8 AI score
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/21 12:0 a.m. | 7 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8 CVSS | 8.9 AI score | 0.00881 EPSS
Exploits: 0 | References: 1

CVE
added 2023/03/21 12:0 a.m. | 48 views

CVE-2023-27980

CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...

8.8 CVSS | 8.9 AI score | 0.00881 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2023/03/21 12:0 a.m. | 56 views

CVE-2023-27983

CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...

6.5 CVSS | 5.2 AI score | 0.00437 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

NVD
added 2023/03/14 5:15 a.m. | 10 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

9.9 CVSS | 9.5 AI score | 0.00544 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/03/14 12:0 a.m. | 3 views

SAP NetWeaver Application Server Access Control Error Vulnerability

SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. An access control error vulnerability exists in SAP NetWeaver AS version 7.50, which stems from the fact that no authentication checks are...

5.3 CVSS | 6.8 AI score | 0.00476 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2023/03/14 12:0 a.m. | 21 views

Atlassian Jira 7.7.0 < 7.7.3 Missing Authentication Checks In Administrative System

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.6.5, 7.7.0 prior to 7.7.3 or 7.8.0 prior to 7.8.4. It is, therefore, affected by a vulnerability which permits remote attackers to run import operations and to determine if ...

6.5 CVSS | 7.4 AI score | 0.01121 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2023/03/14 12:0 a.m. | 3 views

PT-2023-1874 · Unknown · Igss Dashboard +2

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions V16.0.0.23040 and prior IGSS Dashboard versions V16.0.0.23040 and prior Custom Reports versions V16.0.0.23040 and prior Description: The issue is related to the absence of authentication for a critical function in th...

6.5 CVSS | 5.4 AI score | 0.00437 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2023/03/08 12:0 a.m. | 40 views

Wago Multiple Products Web-based Management Missing Authentication for Critical Function (CVE-2022-45138)

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

9.8 CVSS | 7.2 AI score | 0.0074 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2023/03/07 12:0 a.m. | 322 views

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18041520711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...

0.9 AI score | 0.009 EPSS
Exploits: 4

0day.today
added 2023/03/07 12:0 a.m. | 413 views

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication Vulnerabilities

Arris DG3450 cable gateway version AR01.02.056.18041520711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable...

6.1 CVSS | 5.8 AI score | 0.009 EPSS
Exploits: 4

BDU FSTEC
added 2023/03/03 12:0 a.m. | 2 views

The vulnerability of the MKLogic-500 PLC configuration protocol, related to the lack of authentication for critical functions, allows attackers to alter the device’s operating logic.

The vulnerability of the MKLogic-500 PLC configuration protocol lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to alter the device’s operating logic...

9.6 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/02/27 2:36 p.m. | 7 views

CVE-2022-45138 WAGO: Missing Authentication for Critical Function

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

9.8 CVSS | 6.7 AI score | 0.0074 EPSS
Exploits: 0 | References: 1