Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7953

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Feb, 2020 | 16:26
Updated At-04 Aug, 2024 | 09:48
Rejected At-
Credits

An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Feb, 2020 | 16:26
Updated At:04 Aug, 2024 | 09:48
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://medium.com/%40ph0rensic
x_refsource_MISC
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
x_refsource_MISC
Hyperlink: https://medium.com/%40ph0rensic
Resource:
x_refsource_MISC
Hyperlink: https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://medium.com/%40ph0rensic
x_refsource_MISC
x_transferred
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
x_refsource_MISC
x_transferred
Hyperlink: https://medium.com/%40ph0rensic
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Feb, 2020 | 17:15
Updated At:07 Nov, 2023 | 03:26

An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

opservices
opservices
>>opmon>>9.3.2
cpe:2.3:a:opservices:opmon:9.3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://medium.com/%40ph0rensiccve@mitre.org
N/A
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5cve@mitre.org
N/A
Hyperlink: https://medium.com/%40ph0rensic
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

262Records found

CVE-2019-12389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.69%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 16:37
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.

Action-Not Available
Vendor-anvizn/a
Product-anviz_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-45423
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Action-Not Available
Vendor-n/aDahua Technology Co., Ltd
Product-dhi-dss4004-s2_firmwaredhi-dss7016dr-s2_firmwaredhi-dss4004-s2dhi-dss7016d-s2_firmwaredhi-dss7016d-s2dss_professionaldhi-dss7016dr-s2dss_expressDSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13205
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:47
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.

Action-Not Available
Vendor-kyoceran/a
Product-ecosys_m5526cdw_firmwareecosys_m5526cdwn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.95%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 18:38
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.

Action-Not Available
Vendor-n/aBrother Industries, Ltd.
Product-mfc-j895dwmfc-l6900dwhl-l6450dwhl-l6400dwtads-2800wdcp-1617nwmfc-l2720dn\(jpn\)mfc-j497dwdcp-t710w\(chn\)_firmwaremfc-j1500n\(jpn\)mfc-j5335dwmfc-l2740dwr_firmwaremfc-l2750dw_firmwaremfc-l3770cdw_firmwaredcp-7195dw_firmwaremfc-l2705dwmfc-j893n_firmwaredcp-1623wr_firmwaremfc-l6900dwx_firmwaredcp-l8410cdw_firmwaremfc-9350cdwmfc-j998dn_firmwarehl-l8260cdndcp-l2560dwrdcp-j982n-bmfc-l5702dw_firmwarehl-l2370dnhl-l2350dw_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-l9570cdw_firmwarehl-l3230cdwhl-b2050dnhl-1211w_firmwaredcp-j572dwdcp-j577ndcp-j973n-wmfc-l2720dwr_firmwaredcp-l2531dw_firmwaremfc-j998dwn_firmwaredcp-l2520dw_firmwaremfc-l2707dwmfc-l9570cdwdcp-j978n-b_firmwaredcp-t710w_firmwaredcp-l2540dw\(jpn\)dcp-1610wvbmfc-l5802dwmfc-9350cdw_firmwaremfc-8530dnmfc-l2705dw_firmwaremfc-1910wmfc-1916nwmfc-j1300dwmfc-l2712dn_firmwaremfc-l3730cdn_firmwaremfc-j995dwmfc-9150cdndcp-l3551cdw_firmwarehl-l8360cdwtmfc-1911wdcp-l6600dwdcp-l2541dw_firmwaremfc-j805dw_xl_firmwaremfc-j6535dwmfc-l2701dwdcp-j982n-w_firmwaredcp-b7535dwmfc-j6947dw_firmwaremfc-l5700dw_firmwaredcp-l5500dnhl-1210wvb_firmwarehl-l9310cdwmfc-l2717dw_firmwarehl-l2395dw_firmwaremfc-l8610cdwmfc-j5730dw_firmwaremfc-l8900cdwmfc-l2685dw_firmwarehl-l6200dwt_firmwaredcp-j772dwhl-l2370dn_firmwaremfc-l2712dwdcp-1610wvb_firmwarehl-j6000cdw\(jpn\)_firmwarehl-l8360cdwt_firmwareads-3000nmfc-j5845dw_xl_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j805dw_firmwaredcp-b7530dndcp-l5650dnmfc-t810w\(chn\)dcp-l8410cdwdcp-1616nwmfc-8540dn_firmwaremfc-l2710dw_firmwaremfc-l5802dw_firmwarehl-l2375dw_firmwarehl-1210wvbmfc-l2713dw_firmwaremfc-l5902dwdcp-l5502dnhl-l2366dw_firmwarehl-1210wr_firmwarehl-l3270cdwdcp-l5600dn_firmwareads-2400n_firmwaremfc-l2720dwrhl-l2375dwhl-l5202dw_firmwaredcp-1610we_firmwaremfc-l2700dw\(oce\)_firmwaremfc-j995dw_xlhl-l8360cdwmfc-j491dwhl-l2385dwmfc-1912wrmfc-l2750dw\(jpn\)_firmwarehl-l6200dwtdcp-1610wrdcp-l3510cdwmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j3530dwads-2800w_firmwaremfc-j6930dw_firmwaremfc-l6702dw_firmwaremfc-l2715dw\(twn\)hl-l5100dnthl-1210w_firmwaremfc-j1500n\(jpn\)_firmwarehl-b2050dn_firmwaredcp-l3550cdw_firmwaremfc-t910dw_firmwaredcp-l2532dw_firmwaremfc-l8610cdw\(jpn\)_firmwaredcp-b7530dn_firmwaremfc-l5755dw_firmwaremfc-l2700dwmfc-l6900dw_firmwaremfc-l5900dw_firmwaredcp-l5652dndcp-l2520dwmfc-l2700dw\(oce\)mfc-l2700dw_firmwarehl-1218whl-l3210cwdcp-l2520dwr_firmwaremfc-j6730dw_firmwarefax-l2700dn\(jpn\)mfc-l2717dwdcp-1618w_firmwaredcp-l2550dn_firmwaredcp-l2541dwhl-l2365dwrmfc-j6530dwdcp-1615nwdcp-7180dn_firmwaremfc-l5850dw_firmwaremfc-l6950dw_firmwarehl-b2080dwmfc-l2680whl-l2360dw_firmwareads-3600w_firmwarefax-l2710dn\(jpn\)_firmwaremfc-j5330dwmfc-l5800dw_firmwarehl-l3290cdwmfc-l2750dwxl_firmwaredcp-1615nw_firmwaremfc-j5335dw_firmwaremfc-l6950dwhl-l8260cdn_firmwaremfc-l2730dwhl-l6400dwxhl-l6250dw_firmwaredcp-1617nw_firmwarehl-l2340dwrmfc-7895dw_firmwaremfc-l2740dw\(jpn\)mfc-1911nw_firmwarehl-l6300dw_firmwaredcp-l3550cdwhl-l2305w_firmwaredcp-1612wemfc-l5700dwmfc-j6535dw_firmwaredcp-j774dwhl-l6200dwmfc-j998dwndcp-j572n_firmwaredcp-l2550dwmfc-l6902dwmfc-7880dn_firmwaremfc-j5845dw_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaremfc-j738dwn_firmwarehl-l2380dwmfc-l6750dw_firmwaremfc-l9570cdw\(jpn\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-l2770dw_firmwarehl-l2395dwdcp-l2551dndcp-l2532dwdcp-l3551cdwmfc-l6900dw\(jpn\)mfc-l3730cdnhl-l3210cw_firmwaredcp-j988n\(jpn\)mfc-l2740dw\(jpn\)_firmwaremfc-j903nmfc-l6900dw\(jpn\)_firmwaremfc-l5750dwdcp-l3517cdwmfc-1911w_firmwaremfc-j497dw_firmwarehl-j6000dwhl-j6000dw_firmwaremfc-l6902dw_firmwaremfc-j995dw_firmwaremfc-j6945dwmfc-j5630cdwhl-1212wr_firmwaremfc-l2740dwrmfc-t910dwmfc-j6947dwmfc-l2712dnmfc-j6935dw_firmwaremfc-l2713dwmfc-l6702dwmfc-l3735cdnmfc-l5755dw\(jpn\)_firmwarehl-3190cdw_firmwaremfc-j6530dw_firmwarehl-l2361dnmfc-j5845dwhl-l2366dwdcp-j774dw_firmwaremfc-j6997cdw\(jpn\)_firmwaremfc-j6999cdw\(jpn\)hl-l6202dw_firmwaremfc-8540dnhl-l8260cdw_firmwaremfc-t4500dwmfc-j738dnmfc-l2700dwr_firmwaredcp-b7520dwmfc-j5930dw_firmwarehl-3160cdw_firmwarehl-l6200dw_firmwaremfc-l2720dwdcp-7180dnmfc-j2330dwhl-5590dnmfc-l8610cdw_firmwaremfc-j690dwmfc-l6900dwgmfc-l2716dwhl-l5200dw_firmwaremfc-9150cdn_firmwaremfc-l2710dnmfc-7880dnhl-l6400dwgmfc-l2771dw_firmwarehl-1223wedcp-l5650dn_firmwaremfc-1919nw_firmwareads-3000n_firmwaremfc-l6700dw_firmwaredcp-9030cdn_firmwaredcp-l2520dwrdcp-j972nmfc-j6999cdw\(jpn\)_firmwaredcp-1612we_firmwaredcp-j973n-b_firmwaremfc-j6980cdw\(jpn\)_firmwaremfc-j898nmfc-j6545dw_firmwaremfc-l2750dw\(jpn\)dcp-l2530dw_firmwaremfc-1910wedcp-l5500dn_firmwaremfc-j805dwmfc-j895dw_firmwarehl-1222wemfc-j898n_firmwaredcp-l2540dnr_firmwarehl-l3230cdnhl-1218w_firmwaredcp-7195dwhl-l6250dn_firmwaredcp-l2551dwhl-l2340dwr_firmwaremfc-1911nwads-3600whl-l2360dnrdcp-l2560dw_firmwaremfc-j1300dw_firmwaremfc-l2710dwhl-2560dndcp-j981n_firmwaremfc-b7715dw_firmwaremfc-l3710cw_firmwarehl-l6402dw_firmwaredcp-l2551dw_firmwaremfc-l2712dw_firmwaremfc-j995dw_xl_firmwaredcp-l2537dw_firmwaremfc-l2732dwmfc-l2750dwhl-l2315dwmfc-l2685dwmfc-l5702dwdcp-l2537dwmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-l6800dwdcp-l2535dwdcp-l2550dw_firmwarehl-l2352dw_firmwaredcp-j582n_firmwaredcp-l5602dn_firmwaremfc-t4500dw_firmwarehl-2595dw_firmwaremfc-t810whl-l2340dwmfc-j2330dw_firmwarehl-1222we_firmwaremfc-j6580cdw\(jpn\)dcp-1612wr_firmwarehl-l5100dn_firmwaremfc-j5730dwmfc-l6700dwdcp-t510wmfc-j6983cdwhl-l2365dwdcp-j982n-b_firmwaremfc-l6750dwdcp-j978n-wmfc-j6583cdwdcp-l2550dndcp-l2560dwr_firmwaredcp-j988n\(jpn\)_firmwarehl-l2386dw_firmwaremfc-b7720dnhl-l2372dnmfc-l3735cdn_firmwarehl-3160cdwmfc-l6800dw_firmwarehl-l3230cdn_firmwarehl-l2376dwhl-t4000dw_firmwaremfc-l2701dw_firmwaredcp-b7535dw_firmwaredcp-l6600dw_firmwaremfc-1915w_firmwaremfc-l2680w_firmwaremfc-l2732dw_firmwarehl-1212w_firmwaredcp-l2531dwdcp-t510w\(chn\)dcp-l2530dwmfc-j738dwnmfc-j6545dw_xl_firmwaremfc-l6970dwmfc-j738dn_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaremfc-l5902dw_firmwaremfc-l2716dw_firmwaremfc-l5800dwmfc-j815dw_xlmfc-j5630cdw_firmwaredcp-l3517cdw_firmwaredcp-j973n-bmfc-l3770cdwdcp-l5602dnmfc-l5750dw_firmwarehl-1212wvbmfc-l2730dw_firmwaredcp-j982n-wmfc-j5930dwfax-l2700dn\(jpn\)_firmwarehl-l2361dn_firmwarehl-l6400dwg_firmwaremfc-l9577cdwdcp-1612wrmfc-j805dw_xlmfc-l2720dn\(jpn\)_firmwaremfc-j6995cdw\(jpn\)_firmwaremfc-j6583cdw_firmwaremfc-j1605dn_firmwarehl-l6400dwdcp-l2535dw_firmwarehl-l6300dwdcp-1610wr_firmwaremfc-j491dw_firmwarehl-l5202dwdcp-j1100dwmfc-j6545dwdcp-l5600dndcp-j978n-bdcp-l3510cdw_firmwaremfc-l2703dw_firmwaremfc-l2730dn\(jpn\)hl-l5100dnmfc-j3930dwmfc-j3930dw_firmwaremfc-j6995cdw\(jpn\)mfc-j5830dwdcp-l2552dnmfc-j5945dw_firmwarehl-l2350dwhl-l3230cdw_firmwaredcp-l2540dwdcp-l2551dn_firmwaremfc-l5755dwmfc-j6930dwhl-l2340dw_firmwaredcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaremfc-j998dnhl-l6300dwt_firmwaremfc-l5850dwhl-j6100dwmfc-j6545dw_xldcp-j572nmfc-l3745cdw_firmwarehl-l2376dw_firmwaremfc-j5845dw_xldcp-1616nw_firmwarehl-l2360dnhl-l5200dwtmfc-l8610cdw\(jpn\)hl-l5595dnhl-t4000dwhl-l2371dnhl-l5200dwt_firmwarehl-l6402dwmfc-b7715dwdcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-t710wmfc-j6980cdw\(jpn\)hl-l2315dw_firmwaredcp-l2540dw\(jpn\)_firmwarehl-l5595dn_firmwarehl-l9310cdw_firmwarehl-l5102dwmfc-b7720dn_firmwarehl-l2365dwr_firmwaremfc-l3710cwhl-l6202dwmfc-l5700dnhl-l2370dw_firmwaremfc-l2770dwmfc-j6945dw_firmwarehl-1210wrmfc-l2750dwxlmfc-l5900dwhl-l2370dwdcp-1610whl-l5102dw_firmwaremfc-j2730dw_firmwarehl-1210wehl-l2305wdcp-l2540dn_firmwarehl-2560dn_firmwaredcp-l2550dw\(jpn\)_firmwarehl-j6100dw_firmwaremfc-j3530dw_firmwaremfc-j5830dw_firmwarehl-l2385dw_firmwarehl-l5200dwdcp-b7520dw_firmwaredcp-1612wmfc-j6983cdw_firmwaredcp-j582nhl-1210whl-l2386dwhl-1210we_firmwaremfc-j890dwmfc-j5945dwfax-l2710dn\(jpn\)mfc-1910w_firmwaremfc-j2730dwmfc-1910we_firmwarehl-l2371dn_firmwarehl-l2360dn_firmwaremfc-l2752dw_firmwarehl-l2351dw_firmwarehl-l2370dwxlmfc-l2751dwmfc-j1605dnhl-l6450dw_firmwaredcp-j973n-w_firmwaremfc-j6580cdw\(jpn\)_firmwaremfc-l2710dn_firmwarehl-1212wvb_firmwarehl-l2357dw_firmwaremfc-l6900dwg_firmwaremfc-l2703dwhl-l6400dwx_firmwarehl-l5100dnt_firmwarehl-3190cdwhl-l6400dwt_firmwaremfc-1915wmfc-l8690cdw_firmwaremfc-l3750cdw_firmwaremfc-l2730dn\(jpn\)_firmwaredcp-9030cdnmfc-l9577cdw_firmwarehl-l2390dw_firmwaremfc-l3750cdwhl-1212wdcp-t510w\(chn\)_firmwaremfc-t810w\(chn\)_firmwaremfc-8535dn_firmwaremfc-1919nwmfc-t810w_firmwarehl-l2370dwxl_firmwarehl-l8260cdwhl-j6000cdw\(jpn\)mfc-l2700dndcp-l2552dn_firmwaremfc-l2700dn_firmwaredcp-l5652dn_firmwaremfc-l2771dwdcp-1612w_firmwaremfc-l6970dw_firmwarehl-1211wmfc-l3745cdwmfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaredcp-j1100dw_firmwarehl-l6400dw_firmwaredcp-t710w\(chn\)dcp-j572dw_firmwarehl-2595dwhl-l2360dnr_firmwarehl-l2351dwmfc-l2715dw_firmwaremfc-j6730dwhl-5590dn_firmwaremfc-8535dnmfc-l5700dn_firmwareads-2400ndcp-1622wemfc-l9570cdw\(jpn\)mfc-l2740dwmfc-j815dw_xl_firmwarehl-b2080dw_firmwaremfc-l2700dnrmfc-l2751dw_firmwaremfc-j6997cdw\(jpn\)hl-l2372dn_firmwarehl-1212wemfc-l2700dnr_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-l2550dw\(jpn\)mfc-l2715dwmfc-l2752dwdcp-j981ndcp-1623wemfc-8530dn_firmwarehl-l6250dwmfc-7895dwmfc-j690dw_firmwaredcp-l5502dn_firmwarehl-l6300dwtmfc-l2700dwrdcp-1623we_firmwarehl-l3290cdw_firmwaremfc-l5755dw\(jpn\)hl-l6250dnhl-l2352dwhl-l2360dwhl-l2380dw_firmwaremfc-l2715dw\(twn\)_firmwaremfc-l6900dwxhl-l2390dwhl-l2357dwhl-l3270cdw_firmwarehl-1212wrn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2019 | 19:27
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.

Action-Not Available
Vendor-weseekn/a
Product-growin/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4228
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.59%
||
7 Day CHG+0.02%
Published-30 Nov, 2022 | 00:00
Updated-19 Nov, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Book Store Management System information disclosure

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.

Action-Not Available
Vendor-book_store_management_system_projectSourceCodester
Product-book_store_management_systemBook Store Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4240
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 16:15
Updated-09 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated API allowing an attacker to obtain the information about network resources

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1

Action-Not Available
Vendor-Honeywell International Inc.
Product-onewireless_network_wireless_device_manageronewireless_network_wireless_device_manager_firmwareOneWireless
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-41629
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.18%
||
7 Day CHG+0.02%
Published-31 Oct, 2022 | 19:51
Updated-16 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-infrasuite_device_masterInfraSuite Device Master
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-33259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 64.13%
||
7 Day CHG~0.00%
Published-31 Oct, 2021 | 18:32
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-868lw_firmwaredir-868lwn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-31793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 81.53%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 16:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.

Action-Not Available
Vendor-nightowlspn/a
Product-wdb-20wdb-20_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-25265
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.11%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 09:46
Updated-04 Jul, 2025 | 07:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated File Read via Web Interface

A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure.

Action-Not Available
Vendor-WAGO
Product-PFC100 G2 0750-811x-xxxx-xxxxTP600 0762-620x/8000-000xPFC200 G1 750-820x-xxx-xxxTP600 0762-630x/8000-000xPFC100 G1 0750-810x/xxxx-xxxxWAGO CC100 0751-9x01PFC200 G2 750-821x-xxx-xxxTP600 0762-520x/8000-000xTP600 0762-530x/8000-000xTP600 0762-420x/8000-000xTP600 0762-430x/8000-000xEdge Controller 0752-8303/8000-0002CC100 0751-9x01
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-27668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 54.98%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 17:01
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-vaultn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22322
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.28%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 15:49
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48621
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:14
Updated-06 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48299
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.78%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-12575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.56%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").

Action-Not Available
Vendor-atermn/a
Product-wg2600hp2_firmwarewg2600hp2n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-11466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.66%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 17:02
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-2344
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG+0.01%
Published-16 Mar, 2025 | 18:00
Updated-17 Mar, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication

A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-IROAD
Product-Dash Cam X5Dash Cam X6
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-29442
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-94.00% / 99.88%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 20:20
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)

Action-Not Available
Vendor-alibabaalibaba
Product-nacosnacos
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-27571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 45.08%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 16:31
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.

Action-Not Available
Vendor-remotemousen/a
Product-emote_remote_mousen/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-38870
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-85.61% / 99.33%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Free5gc v3.2.1 is vulnerable to Information disclosure.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-26697
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.12% / 83.43%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:15
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-0355
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 07:23
Updated-21 Jan, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.

Action-Not Available
Vendor-NEC Corporation
Product-WX4200D5WX3000HPWG1200CRWF1200CRWG2600HM4WG2600HS2GB1200PEWG2600HSWG2600HP4
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-23858
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.6||HIGH
EPSS-0.30% / 52.49%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:32
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-rexroth_indramotion_mlc_l45rexroth_indramotion_mlc_xm42rexroth_indramotion_mlc_l25_firmwarerexroth_indramotion_mlc_xm21_firmwarerexroth_indramotion_mlc_l20_firmwarerexroth_indramotion_mlc_xm41_firmwarerexroth_indramotion_mlc_l65rexroth_indramotion_mlc_l75rexroth_indramotion_mlc_l40_firmwarerexroth_indramotion_mlc_l85_firmwarerexroth_indramotion_mlc_xm22indracontrol_xlc_firmwarerexroth_indramotion_mlc_l45_firmwarerexroth_indramotion_mlc_l25rexroth_indramotion_mlc_xm22_firmwarerexroth_indramotion_mlc_xm41rexroth_indramotion_mlc_xm42_firmwareindracontrol_xlcrexroth_indramotion_mlc_l40rexroth_indramotion_mlc_xm21rexroth_indramotion_mlc_l65_firmwarerexroth_indramotion_mlc_l20rexroth_indramotion_mlc_l75_firmwarerexroth_indramotion_mlc_l85IndraMotion MLC L20, L40IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-11020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.01%
||
7 Day CHG~0.00%
Published-09 Jul, 2019 | 17:00
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.

Action-Not Available
Vendor-ddrtn/a
Product-dashcom_live_firmwaredashcom_liven/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-53623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.83%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-02 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-n/aarcher_c7_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.49%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.

Action-Not Available
Vendor-n/afermax
Product-n/avida
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.49%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

Action-Not Available
Vendor-n/ashelly
Product-n/ahome_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.48%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process

Action-Not Available
Vendor-n/aalmando
Product-n/aalmando_control_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.49%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.

Action-Not Available
Vendor-n/astarvedia
Product-n/aezset_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-0312
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 16:11
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings.

Action-Not Available
Vendor-SAP SE
Product-netweaver_process_integrationSAP NetWeaver Process Integration(SAP_XIESR)SAP NetWeaver Process Integration(SAP_XITOOL)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-45276
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.09%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 10:28
Updated-24 Jan, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line/Helmholz: tmp directory exposed via webservice

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

Action-Not Available
Vendor-mbconnectlinehelmholzMB connect lineHelmholzmb_connect_linehelmholz
Product-mbnet.mini_firmwarembnet.minirex_100_firmwarerex_100REX100mbNET.minimbnet.minirex_100_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-37152
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-58.28% / 98.11%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 15:33
Updated-18 Sep, 2024 | 12:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Access to sensitive settings in Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

Action-Not Available
Vendor-argoprojargoprojThe Linux Foundation
Product-argo_cdargo-cdargo-cd
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-37368
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.2||HIGH
EPSS-0.11% / 30.58%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 14:30
Updated-31 Jan, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_viewFactoryTalk® View SEfactorytalk_view
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-37767
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.20%
||
7 Day CHG~0.00%
Published-05 Jul, 2024 | 00:00
Updated-01 Jul, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.

Action-Not Available
Vendor-b1ackc4tn/ab1ackc4t
Product-14fingern/a14finger
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-35277
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-31 Jan, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanager_cloudfortimanagerFortiManager
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-6223
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.40% / 89.74%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-email_encryption_gatewayTrend Micro Email Encryption Gateway
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-26263
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 02:56
Updated-23 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EBM Technologies RISWEB - Improper Access Control

EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.

Action-Not Available
Vendor-ebmtechEBM Technologiesebm_technologies
Product-riswebRISWEBrisweb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-39412
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-3.67% / 87.43%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-23 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-access_managerAccess Manager
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-23815
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.05% / 15.06%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp)

Action-Not Available
Vendor-Siemens AG
Product-Desigo CC
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21619
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 22:48
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400ex2200-vcex4300-48tafiex4300-24tex_redundant_power_systemex6200ex4300_multigigabitex3300ex3400ex4100-fex2300-48mpsrx550ex2300mex2200ex6210ex4300-48t-sex4300mjunosex4550-vcex9251ex4550\/vcsrx240mex4300-24t-sex3300-vcex4300-48tex4300-32fex8200-vcex4300-vcsrx380srx4200ex2300-24tex9200ex4300-48mp-sex2300-24mpex4300-24pex4300srx5000ex2200-cex9250ex2300ex_rpsex9253srx1400srx4300ex4600ex4300-48tdc-afiex2300-24pex4300-mpsrx5600ex2300-csrx650ex4500-vcex4300-32f-ssrx345ex4200-vcsrx5800ex4300-48t-dcsrx110srx4000ex2300-48psrx550_hmsrx240h2srx220ex4100_multigigabitex4400-24xex9204srx5400ex4650srx100srx3400srx300srx2300ex8208ex8200srx210ex4500ex4600-vcex3200ex4550srx1500ex8216ex4300-48tdcex4200srx340srx4100ex4300-48t-dc-afisrx3600ex4300-48mpsrx240ex2300-48tex9208ex4300-48pex4300-32f-dcex4300-48t-afiex4400_multigigabitsrx1600ex4100ex9214srx320ex4300-48p-sex2300_multigigabitex4300-24p-ssrx4600srx550msrx4700Junos OS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21183
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.78%
||
7 Day CHG+0.17%
Published-16 Jul, 2024 | 22:40
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Serverweblogic_server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21006
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-83.02% / 99.21%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:25
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21007
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-21 May, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-2076
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 18:31
Updated-16 Apr, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro House Rental Management System tenant.php missing authentication

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.

Action-Not Available
Vendor-CodeAstro
Product-house_rental_management_systemHouse Rental Management Systemhouse_rental_management_system
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-38817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-90.66% / 99.60%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 12:32
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-dapr_dashboardn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5749
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.64%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 17:27
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.

Action-Not Available
Vendor-HP Inc.
Product-Certain HP DesignJet productsdesignjet_t830_firmwaredesignjet_t730_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-35572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 21:17
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-e5350e5350_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-34908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.

Action-Not Available
Vendor-aremisn/a
Product-aremis_4_nomadsn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2024-42178
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-2.5||LOW
EPSS-0.09% / 27.06%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 21:24
Updated-16 May, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL MyXalytics is affected by a failure to restrict URL access vulnerability

HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsHCL MyXalytics
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found