When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2019-5449
MEDIUM
Nextcloud Server < 15.0.1 - Unauthorized Calendar Event Name Disclosure
CVSS 4.3
CVE-2019-11202
CRITICAL
Rancher 2.0.0-2.0.13, 2.1.0-2.1.8, 2.2.0-2.2.1 - Unauthenticated Default Admin Account Recreation
CVSS 9.8
CVE-2019-1020018
HIGH
Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure
CVSS 7.3
CVE-2019-1917
CRITICAL
Cisco Vision Dynamic Signage Director - Unauthenticated Authentication Bypass via REST API
CVSS 9.1
CVE-2019-10966
MEDIUM
GE Aestiva and Aespire 7100 and 7900 - Unauthenticated Remote Configuration Modification and Alarm Silencing
CVSS 5.3
CVE-2019-9629
CRITICAL
Sonatype Nexus Repository Manager <3.17.0 - Info Disclosure
CVSS 9.8
CVE-2019-13372
CRITICAL
D-Link Central WiFi Manager < 1.03 - Unauthenticated Remote Code Execution via Cookie Injection
CVSS 9.8
CVE-2019-5964
HIGH
iDoors Reader < 2.10.17 - Unauthenticated Authentication Bypass
CVSS 8.8
CVE-2019-13294
CRITICAL
AROX School-ERP Pro - Unauthenticated Remote Code Execution via import_stud.php and upload_fille.php
CVSS 9.8
CVE-2019-12845
MEDIUM
JetBrains TeamCity < 2018.2.3 - Improper Authentication via Unencrypted Kotlin DSL Connection
CVSS 5.3
CVE-2019-7666
HIGH
Prima Systems FlexAir <2.3.38 - Auth Bypass
CVSS 8.8
CVE-2019-10964
HIGH
Medtronic MiniMed 508 and Paradigm Firmware - Improper Access Control via Wireless RF Communication
CVSS 7.1
CVE-2019-7226
HIGH
ABB PB610 Panel Builder 600 Firmware >=1.91 <2.8.0.367 - Unauthenticated Authentication Bypass via /cgi/loginDefaultUser
CVSS 8.8
CVE-2019-11272
HIGH
Spring Security 4.2.x < 4.2.13 - Authentication Bypass via Null Password
CVSS 7.3
CVE-2019-10689
MEDIUM
Polycom VVX UCS < 5.9.2 and BToE < 3.9.1 - Insufficient Authentication and Information Leakage
CVSS 6.5
CVE-2019-2018
HIGH
Android 8.1-9 - Improper Authentication Bypass in DevicePolicyManagerService
CVSS 8.8
CVE-2019-11232
CRITICAL
BiYan 1.57-2.8 - Unauthenticated User Information Leak via EMP_NO Parameter
CVSS 9.8
CVE-2019-10998
MEDIUM
Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT < 2019.0 LTS - Authentication Bypass via SD Card Manipulation
CVSS 6.8
CVE-2019-7579
HIGH
Linksys WRT1900ACS <1.0.3.187766 - Info Disclosure
CVSS 7.5
CVE-2019-10157
MEDIUM
Keycloak's Node.js adapter <4.8.3 - Privilege Escalation
CVSS 4.7
CVE-2019-10150
MEDIUM
OpenShift Container Platform <4.6.0 - Open Redirect
CVSS 5.9
CVE-2019-1842
MEDIUM
Cisco IOS XR Firmware - Authenticated SSH Authentication Bypass via Username Sequence Manipulation
CVSS 5.4
CVE-2019-5298
MEDIUM
Huawei AP <V200R009C00SPC800 - Auth Bypass
CVSS 6.8
CVE-2019-12564
CRITICAL
DouPHP v1.5 Release 20190516 - Unauthenticated Database Backup File Exposure via Brute-Force Guessing
CVSS 9.8
CVE-2019-12530
CRITICAL
glpi_dashboard < 0.9.7 - Improper Access Control in front/sh Endpoints
CVSS 9.8
Details
Vulnerabilities: 4,372
Exploit Likelihood: High