CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306
CVE-2020-35192 CRITICAL
Vault Docker <0.11.6 - Privilege Escalation
CVSS 9.8
CVE-2020-35191 CRITICAL
Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation
CVSS 9.8
CVE-2020-35190 CRITICAL
plone Docker <4.3.18-alpine - Privilege Escalation
CVSS 9.8
CVE-2020-35186 CRITICAL
Adminer Docker <4.7.0-fastcgi - Privilege Escalation
CVSS 9.8
CVE-2020-35184 CRITICAL
Composer Docker <1.8.3 - Privilege Escalation
CVSS 9.8
CVE-2020-35189 CRITICAL
Kong Docker <1.0.2-alpine - Privilege Escalation
CVSS 9.8
CVE-2020-35187 CRITICAL
Telegraf Docker <1.9.4-alpine - Privilege Escalation
CVSS 9.8
CVE-2020-35185 CRITICAL
Ghost Docker <2.16.1-alpine - Privilege Escalation
CVSS 9.8
CVE-2020-28929 CRITICAL
EPSON EPS TSE Server 8 21.0.11 - Unauthenticated Credential Exposure via Log Downloader
CVSS 9.8
CVE-2020-25621 HIGH
SolarWinds N-Central 12.3.0.670 - Unauthenticated Database Access
CVSS 8.4
CVE-2020-35469 CRITICAL
Software AG Terracotta Server OSS Docker Image 5.4.1 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35468 CRITICAL
Appbase streams 2.1.2 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35193 CRITICAL
SonarQube Docker <alpine - Privilege Escalation
CVSS 9.8
CVE-2020-35467 CRITICAL
Docker Docs < 2020-12-14 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35466 CRITICAL
blackfire/blackfire_docker_image < 2020-12-14 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35464 CRITICAL
Weave Cloud Agent 1.3.0 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35463 CRITICAL
Instana Dynamic APM 1.0.0 - Unauthenticated Root Access via Blank Password
CVSS 9.8
CVE-2020-35462 CRITICAL
coscale_agent 3.16.0 - Unauthenticated Remote Root Access via Blank Password
CVSS 9.8
CVE-2020-25228 CRITICAL
Siemens LOGO! 8 BM Firmware <8.3 - Unauthenticated Remote Code Execution via Port 10005
CVSS 9.8
CVE-2020-16102 HIGH
Gallagher Command Centre < 7.90.0 - Unauthenticated Denial of Service via Invalid Configuration
CVSS 7.1
CVE-2020-7540 CRITICAL
Modicon M340 BMXP341000 Firmware < 3.30 - Unauthenticated Command Execution via HTTP Requests
CVSS 9.8
CVE-2020-29311 CRITICAL
ubilling 1.0.9 - Remote Command Execution via Config File Injection
CVSS 9.8
CVE-2020-26829 CRITICAL
SAP NetWeaver AS JAVA - Privilege Escalation
CVSS 10.0
CVE-2020-27902 MEDIUM
iPadOS < 14.2 - Unauthenticated Stored Password Access
CVSS 4.6
CVE-2020-28946 HIGH
Plum IK-401 Firmware < 1.02 - Unauthenticated Configuration File Exposure via Webserver
CVSS 7.5