CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-16419 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |
| CVE-2017-16369 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |
| CVE-2017-16361 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |
| CVE-2017-16854 | medium | 6.5 | 6.5 | 9y ago | In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose int… | |
| CVE-2017-15895 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_p… | |
| CVE-2017-15894 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbi… | |
| CVE-2017-15893 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parame… | |
| CVE-2017-15891 | medium | 6.5 | 6.5 | 9y ago | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | |
| CVE-2017-1487 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. | |
| CVE-2017-1433 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. | |
| CVE-2017-17381 | medium | 6.5 | 6.5 | 9y ago | The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | |
| CVE-2017-17446 | medium | 6.5 | 6.5 | 9y ago | The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni… | |
| CVE-2017-17440 | medium | 6.5 | 6.5 | 9y ago | GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, … | |
| CVE-2017-13148 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533. | |
| CVE-2017-0880 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. | |
| CVE-2017-0874 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. | |
| CVE-2017-0873 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255. | |
| CVE-2017-17128 | medium | 6.5 | 6.5 | 9y ago | The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file. | |
| CVE-2017-17127 | medium | 6.5 | 6.5 | 9y ago | The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |
| CVE-2017-16893 | medium | 6.5 | 6.5 | 9y ago | The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context… | |
| CVE-2017-14953 | medium | 6.5 | 6.5 | 9y ago | HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi en… | |
| CVE-2017-17081 | medium | 6.5 | 6.5 | 9y ago | The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedne… | |
| CVE-2017-12364 | medium | 6.5 | 6.5 | 9y ago | A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The … | |
| CVE-2017-12362 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vuln… | |
| CVE-2017-12359 | medium | 6.5 | 6.5 | 9y ago | A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exp… | |
| CVE-2017-17046 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that… | |
| CVE-2017-17044 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |
| CVE-2017-14389 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud C… | |
| CVE-2017-1628 | medium | 6.5 | 6.5 | 9y ago | IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | |
| CVE-2017-9316 | medium | 6.5 | 6.5 | 9y ago | Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used f… | |
| CVE-2017-16961 | medium | 6.5 | 6.5 | 9y ago | A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application… | |
| CVE-2017-16959 | medium | 6.5 | 6.5 | 9y ago | The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;local… | |
| CVE-2017-16942 | medium | 6.5 | 6.5 | 9y ago | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | |
| CVE-2017-16936 | medium | 6.5 | 6.5 | 9y ago | Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US… | |
| CVE-2017-8201 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affe… | |
| CVE-2017-8200 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the… | |
| CVE-2017-8199 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the… | |
| CVE-2017-8163 | medium | 6.5 | 6.5 | 9y ago | AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with s… | |
| CVE-2017-8162 | medium | 6.5 | 6.5 | 9y ago | AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with s… | |
| CVE-2017-8158 | medium | 6.5 | 6.5 | 9y ago | FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could crea… | |
| CVE-2017-8130 | medium | 6.5 | 6.5 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |
| CVE-2017-2717 | medium | 6.5 | 6.5 | 9y ago | honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a … | |
| CVE-2017-15099 | medium | 6.5 | 6.5 | 9y ago | INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits … | |
| CVE-2017-12190 | medium | 6.5 | 6.5 | 9y ago | The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same… | |
| CVE-2017-8860 | medium | 6.5 | 6.5 | 9y ago | Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web … | |
| CVE-2017-16883 | medium | 6.5 | 6.5 | 9y ago | The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf fil… | |
| CVE-2017-1000221 | medium | 6.5 | 6.5 | 9y ago | Opencast has Incorrect Permission Assignment | |
| CVE-2017-4938 | medium | 6.5 | 6.5 | 9y ago | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal… | |
| CVE-2017-1000224 | medium | 6.5 | 6.5 | 9y ago | CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin | |
| CVE-2017-16867 | medium | 6.5 | 6.5 | 9y ago | Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f… | |
| CVE-2017-11872 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta… | |
| CVE-2017-16239 | medium | 6.5 | 6.5 | 9y ago | OpenStack Nova Filter Scheduler Bypass | |
| CVE-2017-13790 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |
| CVE-2017-13789 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |
| CVE-2017-15638 | medium | 6.5 | 6.5 | 9y ago | The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and S… | |
| CVE-2017-12803 | medium | 6.5 | 6.5 | 9y ago | The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |
| CVE-2017-12802 | medium | 6.5 | 6.5 | 9y ago | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |
| CVE-2017-12801 | medium | 6.5 | 6.5 | 9y ago | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |
| CVE-2017-12800 | medium | 6.5 | 6.5 | 9y ago | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv … | |
| CVE-2017-12783 | medium | 6.5 | 6.5 | 9y ago | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |
| CVE-2017-12782 | medium | 6.5 | 6.5 | 9y ago | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |
| CVE-2017-12781 | medium | 6.5 | 6.5 | 9y ago | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv fi… | |
| CVE-2017-12780 | medium | 6.5 | 6.5 | 9y ago | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | |
| CVE-2017-12779 | medium | 6.5 | 6.5 | 9y ago | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | |
| CVE-2017-12096 | medium | 6.5 | 6.5 | 9y ago | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted ne… | |
| CVE-2017-12094 | medium | 6.5 | 6.5 | 9y ago | An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attac… | |
| CVE-2017-16541 | medium | 6.5 | 6.5 | 9y ago | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages f… | |
| CVE-2017-1000156 | medium | 6.5 | 6.5 | 9y ago | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin ro… | |
| CVE-2017-1000142 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. | |
| CVE-2017-1000136 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. | |
| CVE-2017-1000135 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | |
| CVE-2017-1000131 | medium | 6.5 | 6.5 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when usi… | |
| CVE-2017-3736 | medium | 6.5 | 6.5 | 9y ago | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RS… | |
| CVE-2017-12274 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio freq… | |
| CVE-2017-12273 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent at… | |
| CVE-2017-14992 | medium | 6.5 | 6.5 | 9y ago | Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause … | |
| CVE-2017-16353 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | |
| CVE-2017-10944 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-10943 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-10942 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-15937 | medium | 6.5 | 6.5 | 9y ago | Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /v… | |
| CVE-2017-14182 | medium | 6.5 | 6.5 | 9y ago | A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to… | |
| CVE-2017-5120 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5117 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5110 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5106 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5105 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5104 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5101 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5094 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5093 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5090 | medium | 6.5 | 6.5 | 9y ago | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character… | |
| CVE-2017-5089 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5086 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5076 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5072 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5067 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5066 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-5060 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |
| CVE-2017-1222 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM… |