CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-15543 MEDIUM
Telegram 4.8.11 - Authentication Bypass via FingerprintManager Callback
CVSS 6.8
CVE-2018-15542 MEDIUM
Telegram 4.8.11 - Authentication Bypass via Runtime Manipulation
CVSS 6.4
CVE-2018-14080 HIGH
D-Link DIR-809 A1 < 1.09, A2 < 1.11, Guest Zone < 1.09 - Unauthenticated Configuration File Download
CVSS 7.5
CVE-2018-15371 MEDIUM
Cisco IOS XE - Authenticated Improper Access Control via Shell Access Request Mechanism
CVSS 6.7
CVE-2018-0435 CRITICAL
Cisco Umbrella - Insufficient Authentication in API Interface
CVSS 9.1
CVE-2018-0505 MEDIUM
MediaWiki 1.27.0-1.27.4 and 1.31.0 - Improper Authentication via BotPasswords CentralAuth Bypass
CVSS 6.5
CVE-2018-12472 HIGH
SUSE Linux SMT <3.0.37 - Auth Bypass
CVSS 7.3
CVE-2018-6689 HIGH
McAfee Data Loss Prevention Endpoint 10.0.0-10.0.509 and 11.0.0-11.0.599 - Authentication Bypass
CVSS 7.8
CVE-2018-14826 CRITICAL
Entes EMG12 < 2.57 - Authentication Bypass via Crafted URL
CVSS 9.8
CVE-2018-17786 CRITICAL
D-Link DIR-823G Firmware - Unauthenticated Remote Code Execution via ExportSettings.sh
CVSS 9.8
CVE-2018-1672 MEDIUM
IBM WebSphere Portal - Privilege Escalation
CVSS 5.0
CVE-2018-9080 MEDIUM
Lenovo StorCenter and EMC NAS Firmware - Session Fixation via Iomega Cookie
CVSS 5.9
CVE-2018-7108 MEDIUM
HPE StorageWorks XP7 Automation Director 8.5.2-02-8.6.1-00 - Authentication Bypass
CVSS 5.9
CVE-2018-1539 MEDIUM
IBM Rational Engineering Lifecycle Manager 5.0-5.02 and 6.0-6.0.6 - Authentication Bypass via Direct Request
CVSS 5.4
CVE-2018-17341 HIGH
BigTree CMS 4.2.23 - Unauthenticated Authentication Bypass via Path Traversal
CVSS 8.1
CVE-2018-12169 HIGH
Intel Core Processor - Info Disclosure
CVSS 7.6
CVE-2018-14643 CRITICAL
Foreman smart_proxy_dynflow 0.2.0 - Unauthenticated Remote Code Execution via Authentication Bypass
CVSS 9.8
CVE-2018-12242 CRITICAL
Symantec Messaging Gateway <10.6.6 - Auth Bypass
CVSS 9.8
CVE-2018-16670 MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
CVSS 5.3
CVE-2018-16668 MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
CVSS 5.3
CVE-2018-17153 CRITICAL
Western Digital My Cloud <2.30.196 - Auth Bypass
CVSS 9.8
CVE-2018-11787 HIGH
Apache Karaf < 3.0.9 - Unauthenticated Remote Command Execution via Pax Web Extender Whiteboard
CVSS 8.1
CVE-2018-16286 CRITICAL
LG SuperSign CMS - Authentication Bypass via CAPTCHA Cookie
CVSS 9.8
CVE-2018-7572 MEDIUM
Pulse Secure Desktop < 5.3R5 and 9.0R1 - Authentication Bypass via Crafted Proxy Server
CVSS 6.8
CVE-2018-1773 MEDIUM
IBM Datacap 9.1.1, 9.1.3, 9.1.4 - Authenticated Authentication Bypass
CVSS 4.3