CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-12440 CRITICAL
Sitecore Rocks < 2.1.149 - Unauthenticated Remote Code Execution via Hard Rocks Service
CVSS 9.8
CVE-2019-12395 MEDIUM
Webbukkit Dynmap <3.0-beta-3 - Info Disclosure
CVSS 5.3
CVE-2019-12300 CRITICAL
Buildbot <1.8.2, <2.3.1 - Auth Bypass
CVSS 9.8
CVE-2019-6814 CRITICAL
NET55XX Encoder Firmware < 2.1.9.7 - Improper Authentication
CVSS 9.8
CVE-2019-8443 HIGH
Jira < 7.13.4, 8.0.0-8.0.4, 8.1.0-8.1.1 - Improper Authentication via ViewUpgrades Resource
CVSS 8.1
CVE-2019-10911 HIGH
Sensiolabs Symfony < 2.7.51 - Authentication Bypass
CVSS 7.5
CVE-2019-8978 HIGH
Ellucian Banner Enterprise Identity Services - Race Condition
CVSS 8.1
CVE-2019-7218 MEDIUM
Citrix ShareFile <19.23 - Auth Bypass
CVSS 5.9
CVE-2019-1867 CRITICAL
Cisco Elastic Services Controller 4.1-4.4 - Unauthenticated Authentication Bypass via REST API
CVSS 10.0
CVE-2019-1724 HIGH
Cisco RV320 and RV325 - Unauthenticated Session Hijacking via Crafted HTTP Request
CVSS 8.8
CVE-2019-3927 CRITICAL
Crestron AM-100 and AM-101 - Unauthenticated Password Change via SNMP OID
CVSS 9.8
CVE-2019-11576 CRITICAL
Gitea < 1.8.0 - Improper Authentication via 2FA Bypass
CVSS 9.8
CVE-2019-11488 HIGH
SimplyBook.me Enterprise <2019-04-23 - Info Disclosure
CVSS 8.1
CVE-2019-11081 CRITICAL
Dentsply Sirona Sidexis <= 4.3.1 - Default Credentials Authentication Bypass
CVSS 9.8
CVE-2019-11234 CRITICAL
FreeRADIUS < 3.0.19 - Authentication Spoofing via Reflection
CVSS 9.8
CVE-2019-11015 MEDIUM
MIUI 10.1.3.0 - Unauthenticated Lockscreen Bypass via Wallpaper Carousel
CVSS 6.8
CVE-2019-10643 CRITICAL
Contao 4.7.0-4.7.2 - Improper Authentication via Expired Key Reuse
CVSS 9.8
CVE-2019-9499 HIGH
hostapd and wpa_supplicant < 2.4 - Origin Validation Error in EAP-PWD Commit
CVSS 8.1
CVE-2019-9498 HIGH
hostapd and wpa_supplicant <= 2.4 - Authentication Bypass via Invalid EAP-PWD Scalar/Element Values
CVSS 8.1
CVE-2019-9497 HIGH
hostapd & wpa_supplicant <SAE - Auth Bypass
CVSS 8.1
CVE-2019-9496 HIGH
hostapd and wpa_supplicant < 2.7 - Denial of Service via SAE Confirm Message
CVSS 7.5
CVE-2019-3798 MEDIUM
Cloud Foundry CAPI Release < 1.79.0 - Authenticated Privilege Escalation via UAA Client Name Spoofing
CVSS 6.0
CVE-2019-0282 MEDIUM
SAP NetWeaver Process Integration - Unauthenticated Information Disclosure in Runtime Workbench
CVSS 5.3
CVE-2019-5426 MEDIUM
Ubiquiti Networks EdgeSwitch X <1.1.0 - RCE
CVSS 4.8
CVE-2019-8990 HIGH
TIBCO ActiveMatrix BusinessWorks <= 6.4.2 - Unauthenticated Request Processing via HTTP Basic Authentication Bypass
CVSS 8.1