Authentication flaw

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

CVE-2020-6287

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerabilities: SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control 2...

C-MORE HMI EA9 EA-HTTP Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to issue commands on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication...

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

Missing Authentication

Apache Tomee openejb-core has missing authentication. When embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...

SAP Solution Manager Unauthorized Access Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVE-2020-6271

SAP Solution Manager Problem Context Manager, version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data files visible for technical administration users of the diagnostics agent...

Siemens LOGO! (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-161-03...

The vulnerability of the Squid proxy server, related to the lack of a authentication mechanism for url_regex, allows attackers to gain access to blocked resources.

The vulnerability of the Squid proxy server is related to the lack of authentication mechanism for urlregex. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to blocked resources...

GE Grid Solutions Reason RT Clocks

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Low skill level to exploit/exploitable remotely Vendor: GE Equipment: Grid Solutions Reason RT Clocks Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to...

Inductive Automation Ignition (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

WebLogic Wls-wsat XMLDecoder 漏洞描述 mitre:https://vulners.com/cve/CVE-2017-3506 早期，黑客利用WebLogic WLS 组件漏洞对企业服务器发起大范围远程攻击，有大量企业的服务器被攻陷，且被攻击企业数量呈现明显上升趋势，需要引起高度重视。其中，CVE-2017-3506是一个利用Oracle WebLogic中WLS 组件的远程代码执行漏洞，属于没有公开细节的野外利用漏洞，大量企业尚未及时安装补丁。官方在 2017 年 4 月份就发布了该漏洞的补丁。 CVE-2017-3506补丁说明： public...

SAP Adaptive Server Enterprise Injection Vulnerability

SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. An injection vulnerability exists in SAP Adaptive Server Enterprise, which originates when the program does not perform the required authentication checks on an authenticated user. An attacker could exploit the...

CVE-2020-6242

SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...

Authentication flaw

SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...

CVE-2020-6242

SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

Authentication flaw

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...