
2961 matches found

OSV
added 2017/09/28 1:29 a.m. · 3 views

CVE-2017-1483

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621...

8.6 CVSS · 5.8 AI score · 0.01485 EPSS
Exploits 0 · References 3

CNVD
added 2017/09/28 12:0 a.m. · 4 views

IBM Security Identity Manager Unauthorized Access Vulnerability

IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States that automates the creation, modification, re-authentication, and termination of user privileges throughout the user lifecycle and supports policy-based password...

8.6 CVSS · 7 AI score · 0.01485 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2017/09/26 12:0 a.m. · 33 views

Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator. The specific flaw exists within the hpbsmsdr web service, which listens on TCP port 29921 by default. The...

10 CVSS · 2.3 AI score · 0.06958 EPSS
Exploits 0 · References 1

ICS
added 2017/09/21 12:0 a.m. · 31 views

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the...

10 CVSS · 10 AI score · 0.05053 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2017/09/14 12:0 a.m. · 39 views

D-Link DIR Router Missing Authentication Check

The remote D-Link DIR router does not enforce authentication when a remote user requests registersend.php. An attacker can use this weakness to recover the administrator password. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(103219); script_version("1.5");...

9.8 CVSS · 8.4 AI score · 0.01293 EPSS
Exploits 1 · References 2

OSV
added 2017/09/09 1:29 a.m. · 3 views

CVE-2017-12733

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...

9.8 CVSS · 5.8 AI score · 0.02338 EPSS
Exploits 0 · References 2

Prion
added 2017/09/09 1:29 a.m. · 25 views

Authentication flaw

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...

7.5 CVSS · 9.6 AI score · 0.02338 EPSS
Exploits 0 · References 2 · Affected Software 3

CVE
added 2017/09/09 1:0 a.m. · 58 views

CVE-2017-12733

CVE-2017-12733 affects OPW Fuel Management Systems SiteSentinel Integra 100, Integra 500, and SiteSentinel iSite ATG consoles with firmware older than V175, V175–V189, V191–V195, and V16Q3.1. The vulnerability arises from Missing Authentication for a Critical Function, allowing an attacker to cre...

9.8 CVSS · 9.5 AI score · 0.02338 EPSS
Exploits 0 · References 2 · Affected Software 1

erpscan
added 2017/07/21 12:0 a.m. · 568 views

Oracle MICROS POS missing authorisation check

Application: Oracle MICROS POS Versions Affected: Oracle Hospitality Simphony 2.7-2.9 Vendor URL: Oracle Bug: Missing Authentication for Critical Function Reported: 21.07.2017 Vendor response: 22.07.2017 Date of Public Advisory: 17.01.2018 Reference: Oracle CPU January 2018 Author: Dmitry Chastuh...

6.8 CVSS · 8.2 AI score · 0.13725 EPSS
Exploits 5

CNVD
added 2017/07/20 12:0 a.m. · 4 views

Junos OS Elevation of Privilege Vulnerability in Multiple Juniper Products

Juniper QFX5110 series and others are products of Juniper Networks, Inc. The QFX5110 series is a series of Ethernet switches; the Juniper vSRX series is a series of firewall emulator products; and the SRX1500 series is a series of firewall appliances. Junos OS is one of the operating systems. A...

8.8 CVSS · 8.9 AI score · 0.00362 EPSS
Exploits 0 · References 1

ICS
added 2017/07/06 12:0 a.m. · 63 views

Siemens OZW672 and OZW772

CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: OZW672 and OZW772 Vulnerabilities: Missing Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following OZW672 and OZW772 devices for monitoring building controller...

7.4 CVSS · 7.3 AI score · 0.01031 EPSS
Exploits 0 · References 3

OpenVAS
added 2017/06/19 12:0 a.m. · 11 views

HP SiteScope Multiple Vulnerabilities

HP SiteScope is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hp:sitescope"; if(description)...

7.3 AI score
Exploits 0 · References 2

CERT
added 2017/06/13 12:0 a.m. · 62 views

HPE SiteScope contains multiple vulnerabilities

Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...

7.8 CVSS · 7 AI score · 0.04934 EPSS
Exploits 0 · References 8

erpscan
added 2017/05/15 12:0 a.m. · 498 views

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server Vendor URL: SAP Bug: Missing Authentication Check Reported: 15.05.2017 Vendor response: 16.05.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: Missing Authentication...

1.5 AI score
Exploits 0

erpscan
added 2017/03/16 12:0 a.m. · 596 views

Unauthorized Container Shutdown In ServerMigrationCoordinator

Application: Oracle PeopleSoft Versions Affected: PeopleSoft FSCM 9.2 Vendor: Oracle Bug: Missing Authentication for Critical Function Reported: 16.03.2017 Vendor response: 17.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Vahagn Vardanyan ERPScan VULNERABILI...

5 CVSS · 0.2 AI score · 0.04212 EPSS
Exploits 0

erpscan
added 2017/03/04 12:0 a.m. · 511 views

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server Vendor URL: SAP Bugs: Missing Authentication Reported: 03.04.2017 Vendor response: 04.04.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: Missing Authentication Check...

0.1 AI score
Exploits 0

erpscan
added 2017/02/27 12:0 a.m. · 503 views

SAP Hostcontrol unprotected web method / DOS

Application: SAP Host Agent Versions Affected: SAP Host Agent 7.21 Vendor URL: SAP Bugs: Missing Authentication Reported: 27.02.2017 Vendor response: 28.02.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2442993 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...

0.4 AI score
Exploits 0

CERT
added 2017/02/15 12:0 a.m. · 24 views

Hughes satellite modems contain multiple vulnerabilities

Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...

8.8 CVSS · 8 AI score · 0.02214 EPSS
Exploits 0

Positive Technologies
added 2017/01/29 12:0 a.m. · 4 views

PT-2017-4199 · Apache +2 · Apache Zookeeper +2

Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions prior to 3.4.10 Apache ZooKeeper versions prior to 3.5.3 Description: The issue is related to the lack of authentication for a critical function in the implementation of the wchp/wchc command in Apache ZooKeeper, whi...

8.8 CVSS · 7.2 AI score · 0.73654 EPSS
Exploits 4 · References 78

ThreatPost
added 2016/12/13 4:25 p.m. · 23 views

Beta Firmware Updates Available for Vulnerable Netgear Routers

Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to car...

0.2 AI score
Exploits 8 · References 5