CVE-2023-4516

Schneider Electric IGSS Update Service (v16.0.0.23211 and earlier) is affected by CVE-2023-4516: a CWE-306 missing authentication for a critical function vulnerability that lets a local attacker change the update source, potentially enabling remote code execution when a malicious update is applie...

CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...

SAP CommonCryptoLib and abu security vulnerabilities

SAP CommonCryptoLib is a password library from SAP, a German company. A security vulnerability exists in SAP CommonCryptoLib that stems from not performing the required authentication checks, which could result in missing or incorrect authorization checks for authenticated users, leading to...

CVE-2023-4815

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

PT-2023-30712 · Answerdev · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to v1.1.3 Description: The issue is related to missing authentication for a critical function in the GitHub repository answerdev/answer. This could potentially allow unauthorized access to sensitive data or...

CVE-2023-34392

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

CVE-2023-34392

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

CVE-2023-34392 Missing Authentication for Critical Function

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator 访问控制错误漏洞

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator is a freely distributed software tool from Schweitzer Engineering Laboratories, Inc. -- Grid Configurator allows engineers and technicians to quickly create, manage, and deploy settings for SEL power system equipment. A security...

PT-2023-24857 · Schweitzer Engineering Laboratories · Sel-5037 Sel Grid Configurator

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: A Missing Authentication for Critical Function issue could allow an attacker to run arbitrary commands on managed devices by an...

VulnCheck KEV: CVE-2023-36847

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

VulnCheck KEV: CVE-2023-36851

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...

CVE-2023-38030

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

CVE-2023-38030

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

CVE-2023-38030 Saho ADM100&ADM-100FP - Execute Code

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

CVE-2023-38422

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...

CVE-2023-38422 Walchem Intuition Missing Authentication for Critical Function

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...