Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-38523

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Jul, 2023 | 00:00
Updated At-28 Oct, 2024 | 13:40
Rejected At-
Credits

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Jul, 2023 | 00:00
Updated At:28 Oct, 2024 | 13:40
Rejected At:
▼CVE Numbering Authority (CNA)

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://help.harmanpro.com/n1115-svsi-firmware
N/A
https://help.harmanpro.com/n1x22a-updater
N/A
https://help.harmanpro.com/n1x33a-updater
N/A
https://help.harmanpro.com/n1x33-updater
N/A
https://help.harmanpro.com/n2x35-updater-hotfix
N/A
https://help.harmanpro.com/n2x35a-updater-hotfix
N/A
https://help.harmanpro.com/n2xx2-updater-hotfix
N/A
https://help.harmanpro.com/n2xx2a-updater
N/A
https://help.harmanpro.com/svsi-n4321-firmware
N/A
https://help.harmanpro.com/n3k-updater-hotfix
N/A
https://wiki.notveg.ninja/blog/CVE-2023-38523/
N/A
Hyperlink: https://help.harmanpro.com/n1115-svsi-firmware
Resource: N/A
Hyperlink: https://help.harmanpro.com/n1x22a-updater
Resource: N/A
Hyperlink: https://help.harmanpro.com/n1x33a-updater
Resource: N/A
Hyperlink: https://help.harmanpro.com/n1x33-updater
Resource: N/A
Hyperlink: https://help.harmanpro.com/n2x35-updater-hotfix
Resource: N/A
Hyperlink: https://help.harmanpro.com/n2x35a-updater-hotfix
Resource: N/A
Hyperlink: https://help.harmanpro.com/n2xx2-updater-hotfix
Resource: N/A
Hyperlink: https://help.harmanpro.com/n2xx2a-updater
Resource: N/A
Hyperlink: https://help.harmanpro.com/svsi-n4321-firmware
Resource: N/A
Hyperlink: https://help.harmanpro.com/n3k-updater-hotfix
Resource: N/A
Hyperlink: https://wiki.notveg.ninja/blog/CVE-2023-38523/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://help.harmanpro.com/n1115-svsi-firmware
x_transferred
https://help.harmanpro.com/n1x22a-updater
x_transferred
https://help.harmanpro.com/n1x33a-updater
x_transferred
https://help.harmanpro.com/n1x33-updater
x_transferred
https://help.harmanpro.com/n2x35-updater-hotfix
x_transferred
https://help.harmanpro.com/n2x35a-updater-hotfix
x_transferred
https://help.harmanpro.com/n2xx2-updater-hotfix
x_transferred
https://help.harmanpro.com/n2xx2a-updater
x_transferred
https://help.harmanpro.com/svsi-n4321-firmware
x_transferred
https://help.harmanpro.com/n3k-updater-hotfix
x_transferred
https://wiki.notveg.ninja/blog/CVE-2023-38523/
x_transferred
Hyperlink: https://help.harmanpro.com/n1115-svsi-firmware
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n1x22a-updater
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n1x33a-updater
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n1x33-updater
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n2x35-updater-hotfix
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n2x35a-updater-hotfix
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n2xx2-updater-hotfix
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n2xx2a-updater
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/svsi-n4321-firmware
Resource:
x_transferred
Hyperlink: https://help.harmanpro.com/n3k-updater-hotfix
Resource:
x_transferred
Hyperlink: https://wiki.notveg.ninja/blog/CVE-2023-38523/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Samsungsamsung
Product
harman_amx_n_series
CPEs
  • cpe:2.3:a:samsung:harman_amx_n_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.15.61 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Jul, 2023 | 19:15
Updated At:01 Aug, 2023 | 15:24

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Samsung
samsung
>>fgn1115-wp-wh_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1115-wp-wh>>-
cpe:2.3:h:samsung:fgn1115-wp-wh:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1122-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1122-sa>>-
cpe:2.3:h:samsung:fgn1122-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1122-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1122-cd>>-
cpe:2.3:h:samsung:fgn1122-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1222-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1222-sa>>-
cpe:2.3:h:samsung:fgn1222-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1222-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1222-cd>>-
cpe:2.3:h:samsung:fgn1222-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233-sa>>-
cpe:2.3:h:samsung:fgn1233-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133-sa>>-
cpe:2.3:h:samsung:fgn1133-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133-cd>>-
cpe:2.3:h:samsung:fgn1133-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233-cd>>-
cpe:2.3:h:samsung:fgn1233-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133a-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133a-sa>>-
cpe:2.3:h:samsung:fgn1133a-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233a-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233a-sa>>-
cpe:2.3:h:samsung:fgn1233a-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133a-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1133a-cd>>-
cpe:2.3:h:samsung:fgn1133a-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233a-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn1233a-cd>>-
cpe:2.3:h:samsung:fgn1233a-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2135-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2135-sa>>-
cpe:2.3:h:samsung:fgn2135-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2235-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2235-cd>>-
cpe:2.3:h:samsung:fgn2235-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2235-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2235-sa>>-
cpe:2.3:h:samsung:fgn2235-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2135-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2135-cd>>-
cpe:2.3:h:samsung:fgn2135-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122-sa>>-
cpe:2.3:h:samsung:fgn2122-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222-sa>>-
cpe:2.3:h:samsung:fgn2222-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2212-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2212-sa>>-
cpe:2.3:h:samsung:fgn2212-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122-cd>>-
cpe:2.3:h:samsung:fgn2122-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222-cd>>-
cpe:2.3:h:samsung:fgn2222-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2212-cd_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2212-cd>>-
cpe:2.3:h:samsung:fgn2212-cd:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222a-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2222a-sa>>-
cpe:2.3:h:samsung:fgn2222a-sa:-:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122a-sa_firmware>>Versions before 1.15.61(exclusive)
cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>fgn2122a-sa>>-
cpe:2.3:h:samsung:fgn2122a-sa:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://help.harmanpro.com/n1115-svsi-firmwarecve@mitre.org
Release Notes
https://help.harmanpro.com/n1x22a-updatercve@mitre.org
Release Notes
https://help.harmanpro.com/n1x33-updatercve@mitre.org
Release Notes
https://help.harmanpro.com/n1x33a-updatercve@mitre.org
Release Notes
https://help.harmanpro.com/n2x35-updater-hotfixcve@mitre.org
Release Notes
https://help.harmanpro.com/n2x35a-updater-hotfixcve@mitre.org
Release Notes
https://help.harmanpro.com/n2xx2-updater-hotfixcve@mitre.org
Release Notes
https://help.harmanpro.com/n2xx2a-updatercve@mitre.org
Release Notes
https://help.harmanpro.com/n3k-updater-hotfixcve@mitre.org
Release Notes
https://help.harmanpro.com/svsi-n4321-firmwarecve@mitre.org
Release Notes
https://wiki.notveg.ninja/blog/CVE-2023-38523/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://help.harmanpro.com/n1115-svsi-firmware
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n1x22a-updater
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n1x33-updater
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n1x33a-updater
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n2x35-updater-hotfix
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n2x35a-updater-hotfix
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n2xx2-updater-hotfix
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n2xx2a-updater
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/n3k-updater-hotfix
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://help.harmanpro.com/svsi-n4321-firmware
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://wiki.notveg.ninja/blog/CVE-2023-38523/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

114Records found
CVE-2019-11466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.64%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 17:02
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-54155
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-3.7||LOW
EPSS-0.00% / 0.01%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-25245
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.72% / 85.35%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 18:27
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-29881
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 76.93%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details.

Action-Not Available
Vendor-Siemens AG
Product-7kg8501-0aa11-2aa0_firmware7kg8551-0aa01-2aa07kg8501-0aa11-0aa07kg8500-0aa10-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8551-0aa02-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-0aa07kg8550-0aa00-0aa0_firmware7kg8501-0aa01-0aa07kg8551-0aa02-0aa07kg8500-0aa30-0aa07kg8551-0aa32-0aa0_firmware7kg8551-0aa02-2aa07kg8550-0aa30-0aa0_firmware7kg8501-0aa32-0aa07kg8500-0aa30-2aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa12-2aa07kg8500-0aa00-0aa07kg8551-0aa01-0aa0_firmware7kg8501-0aa11-2aa07kg8501-0aa31-0aa07kg8501-0aa12-2aa0_firmware7kg8501-0aa32-2aa07kg8550-0aa00-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa31-0aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa12-0aa0_firmware7kg8551-0aa12-0aa07kg8500-0aa30-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8500-0aa00-2aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8501-0aa02-0aa0_firmware7kg8500-0aa10-0aa07kg8551-0aa12-0aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa32-2aa07kg8501-0aa11-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa02-2aa0_firmware7kg8551-0aa32-0aa07kg8501-0aa32-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8501-0aa01-2aa07kg8550-0aa00-2aa07kg8551-0aa31-2aa0_firmware7kg8551-0aa11-2aa07kg8501-0aa12-0aa07kg8551-0aa31-0aa0_firmware7kg8551-0aa11-0aa07kg8500-0aa00-2aa07kg8551-0aa01-2aa0_firmware7kg8550-0aa10-2aa0_firmware7kg8550-0aa10-0aa07kg8551-0aa31-0aa07kg8551-0aa11-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8551-0aa01-0aa07kg8501-0aa02-2aa07kg8500-0aa10-2aa07kg8551-0aa31-2aa07kg8501-0aa31-2aa07kg8501-0aa12-2aa07kg8500-0aa00-0aa0_firmwareSICAM P850SICAM P855
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-1598
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-25.75% / 96.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPQA < 5.5 - Unauthenticated Private Message Disclosure

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

Action-Not Available
Vendor-2codeUnknown
Product-wpqa_builderWPQA Builder
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-41157
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 13:35
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.

Action-Not Available
Vendor-freeswitchsignalwire
Product-freeswitchfreeswitch
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-35936
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 07:25
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
No Authentication on Logging Server

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-3188
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.49%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 22:30
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.

Action-Not Available
Vendor-Dataprobe, Inc.
Product-iboot-pdu8sa-2n15_firmwareiboot-pdu4a-n15iboot-pdu4sa-n20iboot-pdu4sa-n15iboot-pdu4a-n20_firmwareiboot-pdu8a-2n15iboot-pdu4-n20iboot-pdu8a-n20iboot-pdu8sa-n20iboot-pdu4a-n20iboot-pdu8a-2n15_firmwareiboot-pdu8sa-n20_firmwareiboot-pdu8a-n20_firmwareiboot-pdu8a-2n20iboot-pdu4a-n15_firmwareiboot-pdu8a-n15_firmwareiboot-pdu4sa-n20_firmwareiboot-pdu8sa-2n15iboot-pdu8sa-n15_firmwareiboot-pdu4sa-n15_firmwareiboot-pdu4-n20_firmwareiboot-pdu8a-2n20_firmwareiboot-pdu8sa-n15iboot-pdu8a-n15iBoot-PDU FW
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-26697
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.12% / 83.43%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:15
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-52285
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:47
Updated-11 Mar, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.

Action-Not Available
Vendor-Siemens AG
Product-SiPass integrated ACC-APSiPass integrated AC5102 (ACC-G2)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-30515
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.86%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.

Action-Not Available
Vendor-n/aZKTeco Co., Ltd.
Product-biotimen/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-43272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.26%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:43
Updated-19 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability

Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.

Action-Not Available
Vendor-icegramicegram
Product-Icegramicegram
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-20067
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 19:40
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.

Action-Not Available
Vendor-racomn/a
Product-m\!dge_firmwarem\!dgeRacom MIDGE Firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-3461
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 67.04%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 00:01
Updated-13 Nov, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found