CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-7340 HIGH
Cisco Duo Network Gateway < 1.2.9 - Authentication Bypass via SAML Signature Manipulation
CVSS 7.5
CVE-2018-12551 HIGH
Eclipse Mosquitto <1.5.5 - Auth Bypass
CVSS 8.1
CVE-2018-19783 CRITICAL
Kentix MultiSensor-LAN <5.63.00 - Auth Bypass
CVSS 9.8
CVE-2018-19392 CRITICAL
Cobham Satcom Sailor 250/500 <1.25 - Unauthenticated RCE
CVSS 9.8
CVE-2018-18256 HIGH
CapMon Access Manager 5.4.1.1005 - Privilege Escalation via Custom App Launcher
CVSS 7.8
CVE-2018-18255 HIGH
CapMon Access Manager < 5.4.1.1005 - Privilege Escalation via Named Pipe Impersonation
CVSS 7.8
CVE-2018-12192 MEDIUM
Intel CSME <11.8.60-12.0.20 - Auth Bypass
CVSS 6.8
CVE-2018-12399 MEDIUM
Firefox < 63.0 - Improper Authentication via Protocol Handler Title Spoofing
CVSS 4.3
CVE-2018-19645 CRITICAL
Solutions Business Manager <11.5 - Auth Bypass
CVSS 9.8
CVE-2018-18505 CRITICAL
Firefox < 65 and Thunderbird < 60.5 - Sandbox Escape via IPC Channel Authentication Bypass
CVSS 10.0
CVE-2018-19000 MEDIUM
LCDS Laquis SCADA < 4.1.0.4150 - Authentication Bypass
CVSS 5.3
CVE-2018-17928 MEDIUM
ABB CMS-770 Firmware < 1.7.1 - Unauthenticated Sensitive Configuration File Exposure
CVSS 6.5
CVE-2018-17926 MEDIUM
ABB ETH-FW Firmware < 1.01 and FW Firmware < 2.22 - Unauthenticated Arbitrary File Upload via Language File Bypass
CVSS 4.3
CVE-2018-17431 CRITICAL
Comodo Unified Threat Management Firewall < 2.7.0 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2018-1668 MEDIUM
IBM Datapower Gateway < 7.5.0.19 - Authentication Bypass
CVSS 5.3
CVE-2018-19023 HIGH
Hetronic Nova-M <r161 - Command Injection
CVSS 8.8
CVE-2018-20735 HIGH
BMC PATROL Agent < 11.3.01 - Unauthenticated Privilege Escalation via PatrolCli
CVSS 7.8
CVE-2018-18814 HIGH
TIBCO Spotfire Analytics Platform for AWS < 10.0.0 and Spotfire Server <= 7.10.1 - Improper Authentication
CVSS 8.8
CVE-2018-16886 HIGH
etcd 3.2.0-3.2.25 and 3.3.0-3.3.10 - Improper Authentication via TLS Certificate Common Name
CVSS 8.1
CVE-2018-5403 HIGH
Imperva SecureSphere v13 - Remote Code Execution via Web Access Management Interface
CVSS 8.1
CVE-2018-0676 HIGH
BN-SDWBP3 Firmware < 1.0.9 - Unauthenticated Authentication Bypass and Remote Command Execution
CVSS 8.8
CVE-2018-0670 CRITICAL
INplc-RT < 3.08 - Unauthenticated Remote Command Execution via Protocol-Compliant Traffic
CVSS 9.8
CVE-2018-0669 CRITICAL
INplc-RT <= 3.08 - Unauthenticated Remote Command Execution via Protocol Traffic
CVSS 9.8
CVE-2018-20675 CRITICAL
D-Link DIR-822/DIR-850L/DIR-880L Authentication Bypass
CVSS 9.8
CVE-2018-19249 HIGH
Stripe API v1 - Improper Authentication via Token Replay
CVSS 7.5