2927 matches found

BDU FSTEC
added 2020/01/27 12:0 a.m. | 1 views

The vulnerability of SAP ERP Sales and S4HANA Sales resource planning software lies in the lack of an authentication mechanism, which allows attackers to increase their privileges.

The vulnerability of SAP ERP Sales and S4HANA Sales resource planning software lies in the lack of an authentication mechanism. Exploiting this vulnerability allows a malicious actor to gain increased privileges remotely...

CVSS 6.5 | AI score 6.5 | EPSS 0.00737
Exploits 0 | References 3 | Affected Software 2
CNVD
added 2020/01/22 12:0 a.m. | 2 views

Cisco Unified Personal Communicator Remote Denial of Service Vulnerability

Cisco Unified Personal Communicator is an instant messaging application from Cisco USA. A security vulnerability exists in Cisco Unified Personal Communicator version 7.0 1.13056, which arises from the program not freeing allocated memory and failing to perform authentication on received data. An...

CVSS 7.5 | AI score 6.9 | EPSS 0.01291
Exploits 0 | References 1
ICS
added 2020/01/14 12:0 a.m. | 80 views

Siemens SCALANCE X Switches (Update B)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 8.6 | AI score 8.8 | EPSS 0.01389
Exploits 0 | References 11
NVD
added 2019/12/10 4:15 p.m. | 12 views

CVE-2019-4244

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518...

CVSS 9.1 | AI score 8.9 | EPSS 0.02134
Exploits 0 | References 2
Prion
added 2019/12/10 4:15 p.m. | 11 views

Design/Logic Flaw

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518...

CVSS 6.4 | AI score 8.6 | EPSS 0.02134
Exploits 0 | References 2 | Affected Software 1
ICS
added 2019/12/10 12:0 a.m. | 53 views

Siemens and PKE SiNVR, SiVMS Video Server (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens and PKE Equipment: SiNVR, SiVMS Video Servers Vulnerabilities: Missing Authentication for Critical Function, Weak Cryptography for Passwords...

CVSS 9.9 | AI score 7.6 | EPSS 0.02652
Exploits 0 | References 5
Talos
added 2019/12/03 12:0 a.m. | 194 views

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

CVSS 7.8 | AI score 7.9 | EPSS 0.00734
Exploits 1
CNVD
added 2019/11/14 12:0 a.m. | 1 views

Magento Security Feature Issue Vulnerability

Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. A security feature issue vulnerability exists in Magento version 2.2 and 2.3. The vulnerability stems from a lac...

CVSS 5.3 | AI score 7 | EPSS 0.0092
Exploits 0 | References 1
Tenable Nessus
added 2019/11/08 12:0 a.m. | 15 views

Siemens En100 Missing Authentication for Critical Function

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module DNP3 variant All versions V1.04, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module IEC 104...

CVSS 5 | AI score 3.9 | EPSS 0.0142
Exploits 0 | References 4
Tenable Nessus
added 2019/11/08 12:0 a.m. | 33 views

Schneider-electric Modicon Missing Authentication for Critical Function

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration IP address, network mask and gateway IP address when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...

CVSS 8.2 | AI score 1.8 | EPSS 0.0124
Exploits 0 | References 2
Zero Day Initiative
added 2019/11/01 12:0 a.m. | 14 views

Advantech WISE-PaaS/RMM NodeRed Server Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NodeRed Server, which listens on TCP port 1880 by default. The issue resul...

CVSS 9.8 | AI score 3 | EPSS 0.03297
Exploits 0 | References 1
ICS
added 2019/10/31 12:0 a.m. | 57 views

Honeywell equIP and Performance Series IP Cameras

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: equIP series and Performance series IP cameras Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability...

CVSS 7.5 | AI score 7.7 | EPSS 0.01132
Exploits 0 | References 4
ICS
added 2019/10/24 12:0 a.m. | 85 views

Honeywell IP-AK2

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: IP-AK2 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to download...

CVSS 5.3 | AI score 5.5 | EPSS 0.0125
Exploits 0 | References 4
ICS
added 2019/10/24 12:0 a.m. | 154 views

Rittal Chiller SK 3232-Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rittal Equipment: Rittal Chiller SK 3232-Series Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these...

CVSS 10 | AI score 9.3 | EPSS 0.0182
Exploits 2 | References 5
IBM Security Bulletins
added 2019/10/22 3:20 p.m. | 19 views

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Authentication for Critical Function vulnerability

Summary IBM Security Guardium Big Data Intelligence SonarG has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4306 DESCRIPTION: IBM Security Guardium Big Data Intelligence SonarG specifies permissions for a security-critical resource which could lead to the exposure ...

CVSS 6.5 | AI score 1.3 | EPSS 0.01023
Exploits 0 | Affected Software 1
OSV
added 2019/10/08 8:15 p.m. | 4 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

CVSS 5.3 | AI score 6.1 | EPSS 0.00805
Exploits 0 | References 2
Prion
added 2019/10/08 8:15 p.m. | 16 views

Authentication flaw

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

CVSS 5 | AI score 5.5 | EPSS 0.00805
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/10/08 7:27 p.m. | 27 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

AI score 5.5 | EPSS 0.00805
Exploits 0 | References 2
Tenable Nessus
added 2019/10/07 12:0 a.m. | 10 views

Siemens LOGO!8 BM PLC Missing Authentication and Plaintext Storage of a Password (ICSA-19-134-04)

Binary data 720307.prm...

CVSS 9.4 | AI score 7.3 | EPSS 0.02746
Exploits 3 | References 2
CNVD
added 2019/09/04 12:0 a.m. | 1 views

WTF Authorization Problem Vulnerability

WTF is an open source terminal-based dashboard utility program. The program supports monitoring system, service and other information. WTF is vulnerable to an authorization issue. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked...

CVSS 5.5 | AI score 6.7 | EPSS 0.00455
Exploits 1 | References 1