CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-12405 CRITICAL
Apache Traffic Control <3.0.1 - Auth Bypass
CVSS 9.8
CVE-2019-13188 CRITICAL
Knowage < 6.4 - Unauthenticated Access Control Bypass
CVSS 9.8
CVE-2019-13361 MEDIUM
Smanos W100 1.0.0 - Improper Authentication
CVSS 6.5
CVE-2019-13190 MEDIUM
Knowage < 6.1.1 - CAPTCHA Bypass in Signup Page
CVSS 5.3
CVE-2019-13526 HIGH
Datalogic AV7000 Firmware < 4.6.0.0 - Authentication Bypass
CVSS 8.8
CVE-2019-11064 CRITICAL
androvideo vd_1_firmware < 230 - Unauthenticated Remote Credential Disclosure via ExportSettings.cgi
CVSS 9.8
CVE-2019-12643 CRITICAL
Cisco IOS XE - Unauthenticated Authentication Bypass via REST API
CVSS 10.0
CVE-2019-15648 MEDIUM
insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-13423 HIGH
Search Guard Kibana Plugin <5.6.8-7 & <6.x.y-12 - Authenticated User Impersonation
CVSS 8.8
CVE-2019-1974 CRITICAL
Cisco Integrated Management Controlle... - Authentication Bypass
CVSS 9.8
CVE-2019-1938 CRITICAL
Cisco UCS Director and UCS Director Express for Big Data - Authentication Bypass via Crafted HTTP Requests
CVSS 9.8
CVE-2019-1937 CRITICAL
Cisco UCS Director - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2019-6143 CRITICAL
Forcepoint Next Generation Firewall 6.4.0-6.4.6, 6.5.0-6.5.3, 6.6.0-6.6.1 - Authentication Bypass via LDAP
CVSS 9.1
CVE-2019-11187 CRITICAL
GONICUS GOsa < 2019-04-11 - Unauthenticated Incorrect Access Control via LDAP Username Substring
CVSS 9.8
CVE-2019-15046 HIGH
ManageEngine ServiceDesk Plus 10-10509 - Unauthenticated Sensitive Information Leakage via Fail Over Service Replication
CVSS 7.5
CVE-2019-5223 HIGH
PCManager 9.1.3.1 - Command Injection
CVSS 7.8
CVE-2019-14985 CRITICAL
eQ-3 Homematic CCU2 and CCU3 - Unauthenticated Remote Code Execution via CMD_EXEC Virtual Device
CVSS 9.8
CVE-2019-1946 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Unauthenticated Authentication Bypass
CVSS 6.5
CVE-2019-14432 HIGH
Loom < 0.16.0 - Remote Code Execution via WebSocket Authentication Bypass
CVSS 8.8
CVE-2019-14705 HIGH
MicroDigital N-series <6400.0.8.5 - Info Disclosure
CVSS 7.2
CVE-2019-5679 HIGH
NVIDIA Shield TV Experience < 8.0 - Improper Authentication in nvtboot Trusted OS Image
CVSS 7.8
CVE-2019-7163 CRITICAL
Alcatel LINKZONE MW40-V-V1.0 - Auth Bypass
CVSS 9.8
CVE-2019-3884 MEDIUM
OpenShift 3.6-3.11, 4.1 - Authentication Bypass via UUID Spoofing
CVSS 5.4
CVE-2019-5455 MEDIUM
Nextcloud Android app 3.6.0 - Improper Authentication via Multi-Account Creation Abort
CVSS 6.8
CVE-2019-5453 MEDIUM
Nextcloud Android App < 3.3.0 - Authentication Bypass via File Provider Switch
CVSS 6.1