CVE-2017-16590

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-289
View all →

Vulnerability Description

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099.

Related Vulnerabilities

CVE-2023-20046

HIGH
CVSS:8.8(High)

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is du...

CWE-2892023

CVE-2023-38487

HIGH
CVSS:8.2(High)

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The...

CWE-2892023

CVE-2025-29266

CRITICAL
CVSS:9.6(Critical)

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

CWE-2892025

CVE-2021-34746

CRITICAL
CVSS:9.8(Critical)

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to byp...

CWE-2892021

CVE-2023-1803

CRITICAL
CVSS:9.8(Critical)

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CWE-2892023

CVE-2024-56511

CRITICAL
CVSS:9.8(Critical)

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause th...

CWE-2892024