authentication bypass Archives

Pierluigi Paganini July 01, 2024

Juniper Networks fixed a critical authentication bypass flaw in some of its routers

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. Juniper Networks has released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-2973 (CVSS score of 10.0), that could lead to an authentication bypass in some of its routers. The company discovered the vulnerability during […]

Pierluigi Paganini May 22, 2024

Critical Veeam Backup Enterprise Manager authentication bypass bug

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication […]

Pierluigi Paganini March 11, 2024

Experts released PoC exploit for critical Progress Software OpenEdge bug

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. Researchers from Horizon3.ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security […]

Pierluigi Paganini March 08, 2024

QNAP fixed three flaws in its NAS devices, including an authentication bypass

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: The vulnerability CVE-2024-21899 (CVSS score 9.8) is the most severe of the above issues, it can be […]

Pierluigi Paganini December 28, 2023

Experts warn of critical Zero-Day in Apache OfBiz

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) […]

Pierluigi Paganini June 29, 2023

Experts published PoC exploits for Arcserve UDP authentication bypass issue

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors can exploit the vulnerability to bypass authentication and gain admin privileges. Arcserve Unified Data Protection […]

Pierluigi Paganini October 15, 2022

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker […]

Pierluigi Paganini October 12, 2022

Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator

Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. Aruba EdgeConnect Orchestrator is a centralized SD-WAN management solution that allows enterprises to control their WAN. Below are the vulnerabilities addressed […]

Pierluigi Paganini May 18, 2022

VMware fixed a critical auth bypass issue in some of its products

VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately. “This critical vulnerability should be patched or mitigated immediately per the […]

Pierluigi Paganini April 24, 2022

Atlassian addresses a critical Jira authentication bypass flaw

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by […]