CWE-287

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.

An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user’s account.