CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-14008 MEDIUM
Arista EOS < 4.21.0F - Denial of Service via 802.1x Authentication Mishandling
CVSS 6.5
CVE-2018-20954 HIGH
Mailpile - Improper Authentication in Encryption Key Validation
CVSS 7.5
CVE-2018-1987 HIGH
IBM Spectrum Protect < 8.1 - Info Disclosure
CVSS 7.8
CVE-2018-20937 MEDIUM
cPanel 61.9999.55-62.0.38 - Improper Authentication during Database Rename
CVSS 4.3
CVE-2018-20924 MEDIUM
cPanel 61.9999.55-70.0.22 - Unauthenticated Arbitrary File Read and Delete via WHM Style Uploads
CVSS 5.5
CVE-2018-20888 MEDIUM
cPanel 69.9999.122-70.0.53 - Improper Authentication
CVSS 5.5
CVE-2018-17213 HIGH
PrinterOn Central Print Services < 4.1.4 - Unauthenticated Authentication Bypass
CVSS 8.8
CVE-2018-13927 HIGH
Qualcomm Snapdragon Firmware - Improper Authentication via Parallel Image Loading
CVSS 7.8
CVE-2018-18095 MEDIUM
Intel SSD DC S4500 and S4600 Firmware < SCV10150 - Unauthenticated Privilege Escalation via Physical Access
CVSS 6.8
CVE-2018-11426 CRITICAL
Moxa OnCell G3100-HSPA Series < 1.4 - Unauthenticated Authentication Bypass via Weak Cookie Parameter
CVSS 9.8
CVE-2018-14868 MEDIUM
Odoo 9.0 - Authenticated Password Change via RPC Call
CVSS 6.5
CVE-2018-15556 CRITICAL
Actiontec WEB6000Q Firmware 1.1.02.22 - Unauthenticated Root Access via UART
CVSS 9.8
CVE-2018-18877 HIGH
Columbia Weather MicroServer MS_2.6.9900 - Authenticated Bypass via Alt Config
CVSS 8.8
CVE-2018-19999 HIGH
SolarWinds Serv-U FTP Server 15.1.6.25 - Privilege Escalation
CVSS 7.8
CVE-2018-7123 HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - Remote Denial of Service
CVSS 7.5
CVE-2018-7121 CRITICAL
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - Remote Code Execution
CVSS 9.8
CVE-2018-18571 CRITICAL
Citrix XenMobile Server 10.8.0-10.9.0 - Incorrect Access Control
CVSS 9.1
CVE-2018-12013 HIGH
Snapdragon Auto et al - Info Disclosure
CVSS 7.8
CVE-2018-11271 CRITICAL
Qualcomm Snapdragon Firmware - Improper Authentication in Remote Command Handling
CVSS 9.8
CVE-2018-7847 CRITICAL
Modicon M580/M340/Quantum/Premium Firmware - DoS & Code Execution via Modbus Overwrite
CVSS 9.8
CVE-2018-13990 HIGH
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx < 1.35 - Improper Restriction of Excessive Authentication Attempts
CVSS 8.6
CVE-2018-16219 HIGH
AudioCodes 405HD Firmware 2.2.12 - Unauthenticated Admin Password Change via Web Interface
CVSS 8.8
CVE-2018-1317 HIGH
Apache Zeppelin < 0.8.0 - Unauthenticated Arbitrary Paragraph Execution via Cron Scheduler
CVSS 8.8
CVE-2018-16877 HIGH
Pacemaker < 2.0.0 - Privilege Escalation
CVSS 7.8
CVE-2018-0382 MEDIUM
Cisco Wireless LAN Controller 8.1/8.5 - Session Hijack via Session ID Mismanagement
CVSS 5.3