CWE:
 

Topic
Date
Author
Low
SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication
22.06.2022
Yvan Genuer
Med.
SAP Netweaver JAVA 7.50 Missing Authorization
17.06.2021
Ignacio D. Favro
Med.
URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution
30.12.2020
Erik Steltzner
Med.
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution
29.03.2020
Pedro Ribeiro
Med.
Sophos UTM 9.410 loginuser confd Service Privilege Escalation
06.03.2018
KoreLogic
Med.
JD Edwards 9.1 EnterpriseOne Server Denial Of Service
28.08.2016
Fernando Russ and Mati...
Med.
JD Edwards 9.1 EnterpriseOne Server Create Users
28.08.2016
Fernando Russ and Mati...
High
SAP TREX 7.10 Revision 63 Remote Command Execution
22.08.2016
Multiple
Med.
Davolink DV-2051 Missing Access Control
06.08.2016
Eric Flokstra
High
InFocus IN3128HD Projector Missing Authentication
28.04.2015
CORE
High
Allied Telesis AT-RG634A ADSL router unauthenticated webshell
26.03.2014
Sebastian Muniz
High
INSTEON Hub 2242-222 Lack Of Authentication
02.08.2013
David Bryan


CVEMAP Search Results

CVE
Details
Description
2022-08-10
Waiting for details
CVE-2022-2242

Updating...
 

 
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).

 
2022-08-03
Waiting for details
CVE-2022-35865

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.

 
2022-07-25
Waiting for details
CVE-2022-35871

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.

 
2022-07-22
Waiting for details
CVE-2022-2138

Updating...
 

 
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

 
2022-07-12
Medium
CVE-2021-44222

Vendor: Siemens
Software: Simatic easi...
 

 
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

 
Medium
CVE-2022-33138

Updating...
 

 
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

 
2022-06-14
Medium
CVE-2022-32251

Vendor: Siemens
Software: Sinema remot...
 

 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user.

 
Medium
CVE-2022-30230

Vendor: Siemens
Software: Sicam grided...
 

 
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.

 
2022-06-09
Medium
CVE-2022-29226

Vendor: Envoyproxy
Software: Envoy
 

 
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue.

 
2022-06-01
Low
CVE-2022-31022

Vendor: Couchbase
Software: Bleve
 

 

 

 


Copyright 2022, cxsecurity.com

 

Back to Top