CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-19505 MEDIUM
BMC Remedy 7.1 - Privilege Escalation
CVSS 6.5
CVE-2018-19937 MEDIUM
VideoLAN VLC media player <3.1.5 - Auth Bypass
CVSS 6.6
CVE-2018-19616 HIGH
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Client-Side Access Control Bypass to Administrator Manipulation
CVSS 8.1
CVE-2018-17957 LOW
SUSE Repository Mirroring Tool < 1.1.2 - Sensitive Information Exposure via Process Commandline
CVSS 3.4
CVE-2018-20422 HIGH
DiscuzX 3.4 - Authentication Bypass via WeChat Login Plugin
CVSS 8.1
CVE-2018-20342 MEDIUM
Floureon SP012 - Unauthenticated Root Shell Access via UART Serial Interface
CVSS 6.8
CVE-2018-15721 CRITICAL
Logitech Harmony Hub Firmware < 4.15.206 - Authentication Bypass via XMPP Request
CVSS 9.8
CVE-2018-1778 HIGH
IBM API Connect 5.0.8.0-5.0.8.4 - Authentication Bypass via Exposed AccessToken Model
CVSS 7.7
CVE-2018-17777 CRITICAL
D-Link DVA-5592 A1_WI_20180823 - Auth Bypass
CVSS 9.8
CVE-2018-13804 HIGH
SIMATIC IT LMS and Production Suite - Improper Authentication
CVSS 8.1
CVE-2018-13816 CRITICAL
TIM 1531 IRC Firmware < 2.0 - Unauthenticated Improper Access Control on Port 102/tcp
CVSS 10.0
CVE-2018-7067 HIGH
Aruba ClearPass Policy Manager < 6.6.10 - Remote Authentication Bypass via API Call
CVSS 7.2
CVE-2018-14709 CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Auth Bypass
CVSS 9.8
CVE-2018-14708 CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Info Disclosure
CVSS 9.8
CVE-2018-14637 MEDIUM
Keycloak <4.6.0.Final - Info Disclosure
CVSS 6.1
CVE-2018-7958 HIGH
Huawei eSpace 7950 Firmware - Unauthenticated Man-in-the-Middle via Anonymous TLS Cipher Suites
CVSS 7.4
CVE-2018-19458 HIGH
php-proxy 3.0.3 - Unauthenticated Local File Inclusion via index.php q Parameter
CVSS 7.5
CVE-2018-16160 HIGH
SecureCore 2.x - Unauthenticated Authentication Bypass
CVSS 7.8
CVE-2018-7358 MEDIUM
ZTE ZXHN H168N Firmware V2.2.0_PK1.2T5 V2.2.0_PK1.2T2 V2.2.0_PK11T7 V2.2.0_PK11T - Improper Authentication
CVSS 6.5
CVE-2018-3696 MEDIUM
Intel RAID Web Console 3 < 4.186 - Authentication Bypass via Local Access
CVSS 5.5
CVE-2018-2483 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - HTTP Verb Tampering in Central Management Console
CVSS 4.3
CVE-2018-7910 MEDIUM
Huawei ALP-AL00B ALP-TL00B BLA-AL00B BLA-L09C BLA-L29C Firmware - Authentication Bypass
CVSS 6.8
CVE-2018-19076 CRITICAL
Opticam i5 and Foscam C2 - Improper Authentication via FTP and RTSP Services
CVSS 9.8
CVE-2018-17918 CRITICAL
Circontrol CirCarLife < 4.3.1 - Authentication Bypass via Specific Page URL
CVSS 9.8
CVE-2018-6908 CRITICAL
RainMachine Mini-8 and Touch HD 12 Firmware 4.0.539-4.0.975 - Unauthenticated Authentication Bypass via Host Header
CVSS 9.8