CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-6011 HIGH
RainMachine Mini-8 (2nd gen) - Info Disclosure
CVSS 8.1
CVE-2018-18891 HIGH
MiniCMS 1.10 - Unauthenticated File Deletion via /mc-admin/post.php
CVSS 7.5
CVE-2018-16467 MEDIUM
Nextcloud Server < 14.0.0 - Unauthenticated Access to Password-Protected Share Previews
CVSS 5.3
CVE-2018-16465 MEDIUM
Nextcloud Server < 14.0.0 - Improper Authentication via Second Factor Provider Failure
CVSS 5.3
CVE-2018-16464 MEDIUM
Nextcloud Server < 14.0.0 - Unauthenticated Continued Access to Password-Protected Link Shares
CVSS 5.7
CVE-2018-17923 MEDIUM
sagaradio saga1-l8b_firmware < a0.10 - Improper Authentication
CVSS 6.9
CVE-2018-15751 CRITICAL
SaltStack Salt < 2017.7.8 and 2018.3.x < 2018.3.3 - Unauthenticated Remote Code Execution via salt-api
CVSS 9.8
CVE-2018-18014 MEDIUM
Citrix XenMobile Server < 10.8.0 - Unauthenticated Remote Code Execution via Private Service Ports
CVSS 4.8
CVE-2018-12667 CRITICAL
SV3C H.264 POE IP Camera Firmware - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2018-12666 CRITICAL
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B - Auth Bypass
CVSS 9.8
CVE-2018-1822 CRITICAL
IBM FlashSystem 900 and 840 Firmware - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2018-7989 MEDIUM
Huawei Mate 10 pro <BLA-AL00B 8.1.0.326(C00) - Auth Bypass
CVSS 4.6
CVE-2018-7076 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2018-10933 CRITICAL
libssh Authentication Bypass Scanner
CVSS 9.1
CVE-2018-18389 CRITICAL
Neo4j Enterprise Database Server 3.4.0-3.4.8 - Improper Authentication via LDAP STARTTLS Bypass
CVSS 9.8
CVE-2018-17534 MEDIUM
Teltonika RUT9XX <00.04.233 - Privilege Escalation
CVSS 6.8
CVE-2018-1738 HIGH
IBM Security Key Lifecycle Manager 2.6-2.6.0.3, 2.7, 3.0 - Authenticated Improper Authentication
CVSS 7.1
CVE-2018-18061 HIGH
tecrail Responsive FileManager 9.8.1 - Unauthenticated File Upload and Deletion via dialog.php
CVSS 7.5
CVE-2018-16738 LOW
tinc 1.0.30-1.0.34 - Improper Authentication
CVSS 3.7
CVE-2018-16737 MEDIUM
tinc < 1.0.30 - Improper Authentication
CVSS 5.3
CVE-2018-13789 HIGH
Descor Infocad FM <3.1.0.0 - Info Disclosure
CVSS 7.5
CVE-2018-12455 HIGH
Intelbras NPLUG 1.0.0.14 - Auth Bypass
CVSS 8.1
CVE-2018-0053 MEDIUM
Juniper Junos OS < 15.1X49-D30 on vSRX - Unauthenticated Authentication Bypass
CVSS 6.8
CVE-2018-0052 HIGH
Junos OS Multiple Versions - Unauthenticated Remote Root Access
CVSS 7.2
CVE-2018-0044 CRITICAL
Juniper Junos 18.1r1-18.1r3 - Unauthenticated Remote Access via Empty Password SSHD Configuration
CVSS 9.8
Details
Vulnerabilities 4,372
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits