The vulnerability of the SAP ERP HCM workforce management software lies in the lack of authentication, which allows attackers to elevate their privileges.

The vulnerability of the SAP ERP HCM workforce management software is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

Missing Authentication Due To Incorrect Configuration

Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

CVE-2020-26829

SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

Schneider Electric Easergy T300

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability : Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...

CVE-2020-28937

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information PHI stored in the application, via a direct request for the /tests/ URI...

CVE-2020-28937

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information PHI stored in the application, via a direct request for the /tests/ URI...

CVE-2020-28937

CVE-2020-28937 affects OpenClinic 0.8.2. A missing authentication issue allows unauthenticated users to access a patient’s medical test results via direct requests to the /tests/ URI, potentially exposing PHI. The vulnerability is highlighted in multiple sources (NVD entry, ThreatPost report) as ...

Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java

PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

PT-2020-6314 · Schneider Electric · Easergy T300

Name of the Vulnerable Software and Affected Versions: Easergy T300 versions 2.7 and older Description: A missing authentication for critical function issue exists, which could cause problems including information exposure, denial of service, and command execution when access to a resource from a...

CVE-2020-7561

The CVE-2020-7561 issue affects Schneider Electric Easergy T300 firmware 2.7 and older. The root cause is Missing Authentication for Critical Function (CWE-306), potentially allowing a remote attacker to access protected resources, leading to information exposure, denial of service, and remote co...

CVE-2020-3392 Cisco IoT Field Network Director Missing API Authentication Vulnerability

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

简易说明 + 命令执行并回显 + 直接上传shell + linux下weblogic 10.3.6.0测试OK...

SAP Solution Manager Missing Authentication Check Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

CloudBees Jenkins Mercurial Security Feature Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Mercurial plugin 2.11...

CVE-2020-3598 Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-bas...

Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-bas...