When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2018-16947
CRITICAL
OpenAFS <1.6.23, <1.8.2 - Unauthenticated RCE
CVSS 9.8
CVE-2018-15485
CRITICAL
KONE Group Controller Firmware < 4.6.5 - Unauthenticated FTP Access
CVSS 9.1
CVE-2018-16590
CRITICAL
FURUNO FELCOM 250 and 500 - Improper Authentication via Client-Side JavaScript
CVSS 9.8
CVE-2018-15479
MEDIUM
myStrom WiFi Switch/LED Strip/Button < 3.80, Bulb < 2.58 - Improper Device Authentication
CVSS 6.5
CVE-2018-15478
HIGH
myStrom WiFi Switch and Button Firmware - Improper Authentication via MAC Address Activation Code Guessing
CVSS 8.1
CVE-2018-13821
CRITICAL
CA Unified Infrastructure Management 8.4.7, 8.5, 8.5.1 - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2018-7791
CRITICAL
Schneider Electric's Modicon M221 - Privilege Escalation
CVSS 9.8
CVE-2018-14805
CRITICAL
ABB eSOMS 6.0.2 - Unauthenticated Access via LDAP Anonymous Authentication
CVSS 9.8
CVE-2018-15727
CRITICAL
Grafana 2.x-4.x < 4.6.4 and 5.x < 5.2.3 - Authentication Bypass via Remember Me Cookie
CVSS 9.8
CVE-2018-14786
CRITICAL
BD Alaris Plus <2.3.6 - Auth Bypass
CVSS 9.4
CVE-2018-1999045
MEDIUM
Jenkins <2.137-2.121.2 - Auth Bypass
CVSS 5.4
CVE-2018-15667
HIGH
Bloop Airmail 3 3.5.9 - Unauthenticated Arbitrary Email Transmission via URL Scheme Handler
CVSS 7.5
CVE-2018-15598
HIGH
Traefik 1.6.0-1.6.5 - Unauthenticated Information Exposure via API Endpoint
CVSS 7.5
CVE-2018-14078
CRITICAL
Wi2be SMART HP WMT R1.2.20_201400922 - Auth Bypass
CVSS 9.8
CVE-2018-13446
HIGH
LINE 8.8.1 - Authentication Bypass via Runtime Manipulation
CVSS 7.0
CVE-2018-13435
HIGH
LINE 8.8.0 - Authentication Bypass via Passcode Runtime Manipulation
CVSS 7.0
CVE-2018-13434
MEDIUM
LINE 8.8.0 for iOS - Authentication Bypass via LAContext Return Value Override
CVSS 6.3
CVE-2018-15152
CRITICAL
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
CVSS 9.1
CVE-2018-2449
HIGH
SAP SRM MDM Catalog 3.73, 7.31, 7.32 - Unauthenticated Improper Authentication in Import Functionality
CVSS 8.6
CVE-2018-14781
MEDIUM
Medtronic MiniMed MMT - Capture-Replay
CVSS 5.3
CVE-2018-11770
MEDIUM
Apache Spark 1.3.0-2.3.3 - Unauthenticated Job Submission via REST API
CVSS 4.2
CVE-2018-3775
HIGH
Nextcloud Server < 12.0.3 - 2 Factor Authentication Bypass via Stolen Credentials
CVSS 8.8
CVE-2018-14782
HIGH
NetComm Wireless NWL-25 Firmware < 2.0.29.11 - Unauthenticated Configuration File Access
CVSS 7.5
CVE-2018-10630
CRITICAL
Crestron TSW-X60 <2.001.0037.001 & MC3 <1.502.0047.001 - Auth Bypass
CVSS 9.8
CVE-2018-7069
HIGH
HPE CentralView Fraud Risk Management < 6.1 - Unauthenticated Remote File Access
CVSS 7.5
Details
Vulnerabilities: 4,372
Exploit Likelihood: High