When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2019-5233 (HIGH, CVSS 8.8): Huawei <Taurus-AL00B 10.0.0.41 - Privilege Escalation
CVE-2019-5213 (LOW, CVSS 2.4): Honor play <Cornell-AL00A 9.1.0.321(C00E320R1P1T8) - Insufficient A...
CVE-2019-18848 (HIGH, CVSS 7.5): json-jwt < 1.11.0 - Improper Authentication via JWE String Parsing
CVE-2019-13531 (MEDIUM, CVSS 4.8): Medtronic Valleylab <2.1.0-1.20.2 - Auth Bypass
CVE-2019-8108 (MEDIUM, CVSS 6.5): Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated Insecure Session Validation Manipulation
CVE-2019-1980 (MEDIUM, CVSS 5.3): Cisco Firepower Threat Defense Protocol Detection Bypass via Nonstandard Port
CVE-2019-1877 (MEDIUM, CVSS 6.5): Cisco Enterprise Chat and Email - Info Disclosure
CVE-2019-18661 (HIGH, CVSS 7.5): Fastweb FASTGate 1.0.1b - Auth Bypass
CVE-2019-17627 (MEDIUM, CVSS 6.5): Yale Bluetooth Key - Unauthenticated Unlock via BLE Traffic Sniffing and Key Calculation
CVE-2019-14510 (MEDIUM, CVSS 6.7): Kaseya VSA RMM <9.5.0.22 - Privilege Escalation
CVE-2019-9531 (CRITICAL, CVSS 9.8): Cobham EXPLORER 710 <1.07 - Info Disclosure
CVE-2019-17372 (HIGH, CVSS 8.1): NETGEAR Multiple Devices - Unauthenticated Authentication Bypass via genieDisableLanChanged.cgi
CVE-2019-17134 (CRITICAL, CVSS 9.1): OpenStack Octavia 0.10.0-2.1.1, 3.0.0-3.1.9, 4.0.0-4.0.9 - Unauthenticated Authentication Bypass via Agent HTTP Requests
CVE-2019-16929 (HIGH, CVSS 7.5): Auth0 auth0.net 5.8.0-6.5.3 - Improper Authentication via IdentityTokenValidator
CVE-2019-13336 (CRITICAL, CVSS 9.8): dbell DB01-S Gen 1 Firmware - Unauthenticated Remote Command Execution via TCP Port 81
CVE-2019-11733 (CRITICAL, CVSS 9.8): Firefox < 68.0.2 - Unauthenticated Password Theft via Clipboard Copy
CVE-2019-12664 (HIGH, CVSS 7.5): Cisco IOS XE - Unauthenticated IPv4 Traffic Bypass via ISDN Dialer Interface
CVE-2019-14239 (MEDIUM, CVSS 6.6): NXP Kinetis KV1x-KV3x-K8x - Code Injection
CVE-2019-14238 (MEDIUM, CVSS 6.6): STMicroelectronics STM32F7 - Info Disclosure
CVE-2019-16649 (CRITICAL, CVSS 10.0): Supermicro X11DAI-N & X11/H11/H12/M11/X9/X10 Firmware - Virtual Media Service Credential Exposure
CVE-2019-6832 (HIGH, CVSS 8.3): spaceLYnk <2.4.0 & Wiser for KNX <2.4.0 - Auth Bypass
CVE-2019-16261 (CRITICAL, CVSS 9.1): Tripp Lite PDUMH15AT and SU750XL <12.04.0053 <12.04.0052 - Unauthenticated Password Change and Power Control
CVE-2019-16250 (HIGH, CVSS 7.5): Ocean Extra < 1.5.8 - Unauthenticated Options Change and CSS Injection via Wizard Endpoint
CVE-2019-16190 (CRITICAL, CVSS 9.8): D-Link DIR-868L/DIR-885L/DIR-895L - Auth Bypass
CVE-2019-5473 (HIGH, CVSS 7.2): GitLab - Authentication Bypass via Email Verification
Details
Vulnerabilities: 4,372
Exploit Likelihood: High