CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306
CVE-2020-3333 MEDIUM
Cisco Application Services Engine Software - RCE
CVSS 5.3
CVE-2020-7115 CRITICAL
ClearPass Policy Manager 6.7.0-6.7.12 - Unauthenticated Remote Command Execution via Authentication Bypass
CVSS 9.8
CVE-2020-12017 CRITICAL
GE Grid Solutions Reason RT Clocks RT430/RT431/RT434 < 08A05 - Remote Command Execution and DoS
CVSS 9.8
CVE-2020-13695 HIGH
QuickBox Community Edition < 2.5.5 and Pro Edition < 2.1.8 - Privilege Escalation via Sudo Grep Execution
CVSS 7.2
CVE-2020-1955 CRITICAL
Apache CouchDB 3.0.0 - Missing Authentication for Critical Function via Misconfiguration
CVSS 9.8
CVE-2020-12877 HIGH
Veritas APTARE <10.4 - Info Disclosure
CVSS 7.5
CVE-2020-6242 CRITICAL
SAP Business Objects <2.4 - Auth Bypass
CVSS 9.8
CVE-2020-9315 HIGH
Oracle iPlanet Web Server 7.0-7.0.26 - Unauthenticated Sensitive Information Exposure via Administration Console
CVSS 7.5
CVE-2020-12720 CRITICAL
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
CVSS 9.8
CVE-2020-10974 HIGH
Wavlink/Wavlink/Jetstream - Info Disclosure
CVSS 7.5
CVE-2020-10973 HIGH
Wavlink WN530HG4, WN531G3, WN533A8, and WN551K1 - Unauthenticated Configuration Export via ExportAllSettings.sh
CVSS 7.5
CVE-2020-10972 HIGH
Wavlink WN530HG4, WN531G3, and WN572HG3 Firmware - Unauthenticated Administrator Password Exposure via live_?.shtml Page
CVSS 7.5
CVE-2020-12117 MEDIUM
Moxa NPort 5100A Firmware < 1.5 - Unauthenticated Sensitive Information Exposure via UDP Port 4800
CVSS 5.3
CVE-2020-11028 MEDIUM
WordPress < 5.4.1 - Unauthenticated Private Post Disclosure
CVSS 5.8
CVE-2020-12478 HIGH
TeamPass 2.1.27.36 - Info Disclosure
CVSS 7.5
CVE-2020-10641 HIGH
Ignition Gateway 8.0-8.0.9 - Unauthenticated Denial of Service via Unprotected Logging Route
CVSS 7.5
CVE-2020-12266 HIGH
Wavlink Multiple Router Models - Unauthenticated Information Disclosure via live_(string).shtml Pages
CVSS 7.5
CVE-2020-5870 HIGH
F5 BIG-IQ Centralized Management 5.2.0-7.0.0 - Unauthenticated High Availability Synchronization
CVSS 8.1
CVE-2020-11649 MEDIUM
GitLab 8.15-12.9.2 - Missing Authentication for Critical Function
CVSS 6.5
CVE-2020-11539 HIGH
Tata Sonata Smart SF Rush 1.12 - Unauthenticated Cleartext Transmission of Sensitive Information
CVSS 8.1
CVE-2020-9278 CRITICAL
D-Link DSL-2640B B2 EU_4.01B - Unauthenticated Configuration Reset via URL
CVSS 9.1
CVE-2020-9275 CRITICAL
D-Link DSL-2640B B2 EU_4.01B - Unauthenticated Credential Exfiltration via cfm UDP Service
CVSS 9.8
CVE-2020-11946 HIGH
Zoho ManageEngine OpManager - Unauthenticated API Key Retrieval via Servlet Call
CVSS 7.5
CVE-2020-7114 CRITICAL
Aruba ClearPass 6.7.0-6.7.12 - Unauthenticated Database Modification via Crafted HTTP Packets
CVSS 9.8
CVE-2020-6235 HIGH
SAP Solution Manager <7.2 - Missing Authentication
CVSS 8.6