CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-11018 CRITICAL
ThinkAdmin V4.0 - Improper Authentication via Persistent Cookie
CVSS 9.8
CVE-2019-10884 HIGH
Uniqkey Password Manager 1.14 - Improper Authentication via Domain/Subdomain Confusion
CVSS 8.8
CVE-2019-10273 MEDIUM
ManageEngine ServiceDesk Plus 9.3 - Authenticated User Enumeration via Login Page
CVSS 4.3
CVE-2019-5890 HIGH
OverIT Geocall 6.3 before build 2:346977 - Authenticated Improper Authentication
CVSS 8.8
CVE-2019-10661 CRITICAL
Grandstream GXV3611IR_HD Firmware < 1.0.3.23 - Unauthenticated Root Access via Default Credentials
CVSS 9.8
CVE-2019-6481 HIGH
Abine Blur 7.8.2431 - Authentication Bypass via Forgotten Dev Menu
CVSS 7.5
CVE-2019-1759 MEDIUM
Cisco IOS XE - Unauthenticated Access Control Bypass via Gigabit Ethernet Management Interface
CVSS 5.3
CVE-2019-1758 MEDIUM
Cisco IOS - Unauthenticated Network Access via 802.1x Packet Handling
CVSS 4.7
CVE-2019-3878 HIGH
mod_auth_mellon <0.14.2 - Auth Bypass
CVSS 8.1
CVE-2019-6441 CRITICAL
Coship RT3050 RT3052 RT7620 WM3300 - Unauthenticated Admin Password Reset via apply.cgi
CVSS 9.8
CVE-2019-3775 HIGH
Cloud Foundry UAA < 70.0 - Authenticated User Impersonation via Email Address Spoofing
CVSS 7.1
CVE-2019-7392 CRITICAL
CA Privileged Access Manager 3.x - Info Disclosure
CVSS 9.1
CVE-2019-9124 CRITICAL
D-Link DIR-878 1.12B01 - Unauthenticated Bypass via Blank Password
CVSS 9.8
CVE-2019-1666 MEDIUM
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Data Retrieval via Graphite Service
CVSS 5.3
CVE-2019-1664 HIGH
Cisco HyperFlex HX Data Platform < 3.5(2a) - Unauthenticated Privilege Escalation via hxterm Service
CVSS 7.8
CVE-2019-1662 HIGH
Cisco Prime Collaboration Assurance < 12.1 SP2 - Unauthenticated Improper Authentication via QOVR Service
CVSS 8.2
CVE-2019-5909 CRITICAL
YOKOGAWA CENTUM VP R5.01.00-R6.06.00, ProSafe-RS R3.01.00-R4.04.00 - Improper Authentication
CVSS 9.8
CVE-2019-6527 CRITICAL
PR100088 Modbus Gateway Firmware < r02 - Unauthenticated Admin Password Change
CVSS 9.8
CVE-2019-3825 MEDIUM
gnome_display_manager < 3.31.4 - Unauthenticated Lock Screen Bypass via Timed Login
CVSS 6.3
CVE-2019-3820 MEDIUM
gnome-shell 3.15.91-3.30.3 - Improper Authentication via Lock Screen Bypass
CVSS 4.3
CVE-2019-6521 HIGH
Advantech WebAccess/SCADA 8.3 - Authentication Bypass
CVSS 8.6
CVE-2019-6519 CRITICAL
Advantech WebAccess/SCADA 8.3 - Authentication Bypass and Arbitrary File Upload
CVSS 9.8
CVE-2019-3584 HIGH
McAfee MVISION Endpoint < 18.11.31.62 - Authentication Bypass
CVSS 7.4
CVE-2019-0622 MEDIUM
Skype for Android <8.35 - Privilege Escalation
CVSS 4.6
CVE-2019-0543 HIGH KEV
Windows - Elevation of Privilege via Improper Authentication Handling
CVSS 7.8