Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...

CVE-2021-22784

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system...

Open-xchange OX Documents 加密问题漏洞

Open-xchange OX Documents is an office software suite from the American company Open-xchange. The product supports the creation and editing of text documents, spreadsheets, presentations, and more. Open-xchange OX Documents is vulnerable to an encryption issue that arises from a lack of...

CVE-2021-36124

An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...

Schneider Electric C-Bus Toolkit

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enable...

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

AVEVA System Platform (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: AVEVA Software, LLC Equipment: System Platform Vulnerabilities: Missing Authentication for Critical Function, Uncaught Exception, Path Traversal, Origin Validation Error, Improper...

The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.

The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...

CVE-2021-32930

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...

CVE-2021-32930

Advantech iView (pre-5.7.03.6182) has a CVE-2021-32930 vulnerability described as Missing Authentication for Critical Function. The flaw allows an attacker to change configurations and, per ZDI, could enable remote code execution via the runProViewUpgrade action on NetworkServlet (port 8080). Pub...

CVE-2021-23847

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

CVE-2021-23847

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

CVE-2021-23847

Summary: CVE-2021-23847 describes an unauthenticated information-extraction/settings-change flaw in Bosch IP cameras (CPP6, CPP7, CPP7.3) before firmware B128, on versions 7.70, 7.72, and 7.80. The root cause is a Missing Authentication in a Critical Function, allowing a remote attacker to craft ...

Advantech iView runProViewUpgrade Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by defaul...

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVE-2021-22322

Technical details are not publicly available in the provided documents. Monitor for updates.