
2927 matches found

Prion
added 2020/09/10 3:15 p.m. | 16 views

Design/Logic Flaw

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing...

CVSS: 5 | AI score: 5.4 | EPSS: 0.01634
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2020/09/10 2:10 p.m. | 57 views

CVE-2020-5780

The CVE-2020-5780 entry concerns the WordPress plugin Icegram Email Subscribers & Newsletters. Affected version(s) are prior to 4.5.6, where a vulnerability in the class-es-newsletters.php allows an unauthenticated, remote attacker to forge/spoof emails via an unauthenticated AJAX request to an a...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.01634
Exploits: 2 | References: 1 | Affected Software: 1

VulnCheck KEV
added 2020/08/21 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2020-36720

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00793
Exploits: 1 | References: 1

BDU FSTEC
added 2020/08/20 12:0 a.m. | 2 views

The vulnerability of the microprogrammed software of Schneider Electric’s spaceLYnk and Schneider Electric’s homeLYnk logic controllers lies in the lack of authentication attempt limits, allowing attackers to bypass the authentication process.

The vulnerability of the microprogramming software for Schneider Electric’s spaceLYnk and homeLYnk logic controllers is related to the absence of restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.01484
Exploits: 0 | References: 3

OSV
added 2020/08/07 8:15 p.m. | 1 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVSS: 9.1 | AI score: 7.3
Exploits: 0 | References: 2

CVE
added 2020/08/07 7:25 p.m. | 58 views

CVE-2020-16167

CVE-2020-16167, CVE-2020-16168 and CVE-2020-16169 pertain to temi robot’s IoT stack. The Connected documents confirm: (1) Missing Authentication for Critical Functions allowed publishing/subscribing to MQTT topics and inter-app privilege escalation (CVE-16167) enabling an attacker to subscribe to...

CVSS: 9.1 | AI score: 8.9 | EPSS: 0.0215
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/07/31 12:15 a.m. | 25 views

Authentication flaw

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based...

CVSS: 5 | AI score: 5.2 | EPSS: 0.01218
Exploits: 0 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2020/07/16 12:0 a.m. | 28 views

Advantech iView UserServlet performDeleteUser Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of authentication prior t...

CVSS: 8.2 | AI score: 2.9 | EPSS: 0.017
Exploits: 0 | References: 1

NVD
added 2020/07/14 1:15 p.m. | 15 views

CVE-2020-6287

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

CVSS: 10 | EPSS: 0.94719
Exploits: 6 | References: 6

Prion
added 2020/07/14 1:15 p.m. | 41 views

Authentication flaw

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

CVSS: 10 | AI score: 10 | EPSS: 0.94719
Exploits: 6 | References: 5 | Affected Software: 1

Cvelist
added 2020/07/14 12:30 p.m. | 33 views

CVE-2020-6287

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

CVSS: 10 | AI score: 10 | EPSS: 0.94719
Exploits: 6 | References: 5

ICS
added 2020/07/14 12:0 a.m. | 60 views

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerabilities: SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control 2...

CVSS: 9.8 | AI score: 10 | EPSS: 0.07018
Exploits: 0 | References: 5

Zero Day Initiative
added 2020/07/07 12:0 a.m. | 24 views

C-MORE HMI EA9 EA-HTTP Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to issue commands on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication...

CVSS: 9.8 | AI score: 2.2 | EPSS: 0.02808
Exploits: 0

ICS
added 2020/07/07 12:0 a.m. | 54 views

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01519
Exploits: 0 | References: 5

Veracode
added 2020/06/16 4:41 a.m. | 19 views

Missing Authentication

Apache Tomee openejb-core has missing authentication. When embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...

CVSS: 9.8 | AI score: 2 | EPSS: 0.04115
Exploits: 0 | References: 16 | Affected Software: 1

CNVD
added 2020/06/11 12:0 a.m. | 1 views

SAP Solution Manager Unauthorized Access Vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.01161
Exploits: 0 | References: 1

OSV
added 2020/06/10 1:15 p.m. | 1 views

CVE-2020-6271

SAP Solution Manager Problem Context Manager, version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data files visible for technical administration users of the diagnostics agent...

CVSS: 8.2 | AI score: 7.3
Exploits: 0 | References: 2

ICS
added 2020/06/09 12:0 a.m. | 34 views

Siemens LOGO! (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-161-03...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.0199
Exploits: 0 | References: 9

BDU FSTEC
added 2020/06/05 12:0 a.m. | 2 views

The vulnerability of the Squid proxy server, related to the lack of an authentication mechanism for url_regex, allows attackers to gain access to blocked resources.

The vulnerability of the Squid proxy server is related to the lack of an authentication mechanism for url_regex. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to blocked resources...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.04151
Exploits: 0 | References: 9 | Affected Software: 7

ICS
added 2020/06/02 12:0 a.m. | 58 views

GE Grid Solutions Reason RT Clocks

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Low skill level to exploit/exploitable remotely Vendor: GE Equipment: Grid Solutions Reason RT Clocks Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to...

CVSS: 9.8 | AI score: 10 | EPSS: 0.02331
Exploits: 0 | References: 4