CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-18286 MEDIUM
SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Sensitive Information Exposure via Directory Listing
CVSS 5.3
CVE-2019-18284 CRITICAL
SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Password Hash Exposure and Password Change via AdminService
CVSS 9.8
CVE-2019-14870 MEDIUM
Samba 4.x.x < 4.9.17, 4.10.x < 4.10.11, 4.11.x < 4.11.3 - Improper Authentication via S4U Kerberos Delegation
CVSS 5.4
CVE-2019-18380 MEDIUM
Symantec Industrial Control System Protection 6.0.0-6.1.1.123 - Unauthenticated User Account Creation/Modification
CVSS 6.5
CVE-2019-15897 CRITICAL
ThinkParQ BeeGFS <7.1.3 - Auth Bypass
CVSS 9.6
CVE-2019-17437 HIGH
PAN-OS 7.1.0-7.1.24 - Authenticated Privilege Escalation
CVSS 7.8
CVE-2019-14910 CRITICAL
Keycloak 7.x - Improper Certificate Validation in LDAP StartTLS Authentication
CVSS 9.8
CVE-2019-19598 HIGH
D-Link DAP-1860 <1.04b03 Beta - Auth Bypass
CVSS 8.8
CVE-2019-19521 CRITICAL
OpenBSD 6.6 - Authentication Bypass via -schallenge Username
CVSS 9.8
CVE-2019-19519 HIGH
OpenBSD 6.6 - Authentication Bypass via su -L Option
CVSS 7.8
CVE-2019-14909 HIGH
Keycloak 7.x - Authentication Bypass via LDAP Anonymous Bind
CVSS 8.3
CVE-2019-19507 MEDIUM
Json Pattern Validator < 2.1.1 - Authentication Bypass via Constructor Attribute Overwrite
CVSS 5.3
CVE-2019-12394 CRITICAL
Anviz Access Control - Info Disclosure
CVSS 9.8
CVE-2019-5218 HIGH
Huawei Band 2 and Honor Band 3 - Insufficient Authentication
CVSS 8.8
CVE-2019-16201 HIGH
Ruby 2.4.0-2.4.7, 2.5.x-2.5.6, 2.6.x-2.6.4 - Denial of Service in WEBrick DigestAuth
CVSS 7.5
CVE-2019-6675 CRITICAL
F5 BIG-IP Link Controller 15.0.1.0.33.11-ENG to 15.0.1.0.48.11-ENG - Authentication Bypass via Active Directory or LDAP
CVSS 9.8
CVE-2019-14856 MEDIUM
Ansible < 2.6.20, 2.7.14, 2.8.6 - Improper Authentication
CVSS 6.5
CVE-2019-15987 MEDIUM
Cisco Webex Event/Meeting/Support/Training Center - Unauthenticated Username Enumeration
CVSS 5.3
CVE-2019-18250 CRITICAL
ABB Plant Connect and Power Generation Information Manager - Authentication Bypass
CVSS 9.8
CVE-2019-18374 CRITICAL
Symantec Critical System Protection 8.0, 8.0 HF1, 8.0 MP1 - Authentication Bypass
CVSS 9.8
CVE-2019-16286 MEDIUM
OS Application Filter - Auth Bypass
CVSS 6.8
CVE-2019-3654 MEDIUM
McAfee Client Proxy < 3.0.0 - Authentication Bypass via Client-Side Authorization Key Generation
CVSS 5.3
CVE-2019-19006 CRITICAL KEV
Sangoma FreePBX <115.0.16.26, <14.0.13.11, <13.0.197.13 - Info Disc...
CVSS 9.8
CVE-2019-15803 CRITICAL
Zyxel GS1900 Firmware < 2.50(AAHH.0)C0 - Unauthenticated Diagnostics Shell Access via Undocumented Key Sequence
CVSS 9.1
CVE-2019-11170 HIGH
Intel Baseboard Management Controller Firmware < 2.18 - Unauthenticated Authentication Bypass
CVSS 7.8