CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-7058 CRITICAL
Aruba ClearPass Policy Manager 6.6.0-6.6.8 - Authentication Bypass
CVSS 9.8
CVE-2018-10603 CRITICAL
Martem TELEM GW6 and GWM Firmware < 2018.04.18-linux_4-01-601cb47 - Unauthenticated Remote Control via IEC-104 Commands
CVSS 9.8
CVE-2018-7947 LOW
Huawei mobile phones <Emily-AL00A 8.1.0.153(C00) - Auth Bypass
CVSS 3.9
CVE-2018-1638 MEDIUM
IBM API Connect <5.0.9 - Info Disclosure
CVSS 5.9
CVE-2018-10847 MEDIUM
prosody < 0.10.2, < 0.9.14 - Authentication Bypass via Stream Restart
CVSS 4.2
CVE-2018-6686 MEDIUM
McAfee Drive Encryption >= 7.1.0 - Authentication Bypass via TPM Autoboot
CVSS 6.6
CVE-2018-11491 CRITICAL
ASUS HG100 Firmware < 1.05.12 - Unauthenticated Remote Command Execution
CVSS 9.8
CVE-2018-8859 CRITICAL
Echelon SmartServer <4.11.007, i.LON 100 - Auth Bypass
CVSS 9.8
CVE-2018-5387 HIGH
Wizkunde SAMLBase - Info Disclosure
CVSS 7.5
CVE-2018-12804 CRITICAL
Adobe Connect < 9.7.5 - Authentication Bypass
CVSS 9.8
CVE-2018-14345 HIGH
SDDM <0.17.0 - Privilege Escalation
CVSS 7.5
CVE-2018-8171 HIGH
ASP.NET Core - Security Feature Bypass via Login Attempt Validation
CVSS 7.5
CVE-2018-1129 MEDIUM
Ceph <master,mimic,luminous,jewel - Auth Bypass
CVSS 6.5
CVE-2018-1128 HIGH
Ceph <master,mimic,luminous,jewel - Auth Bypass
CVSS 7.5
CVE-2018-10861 HIGH
Ceph - Authenticated Storage Pool Manipulation and Snapshot Corruption
CVSS 8.1
CVE-2018-3761 HIGH
Nextcloud Server < 12.0.8 - Improper Authentication on OAuth2 Token Endpoint
CVSS 8.1
CVE-2018-11052 CRITICAL
Dell EMC Elastic Cloud Storage 3.2.0.0-3.2.0.1 - Unauthenticated Authentication Bypass via S3 Requests
CVSS 9.8
CVE-2018-4856 MEDIUM
SICLOCK TC100 and TC400 Firmware - Authenticated Denial of Service via User Lockout
CVSS 4.9
CVE-2018-4852 CRITICAL
SICLOCK TC100 and TC400 - Authentication Bypass via Device-Specific Knowledge
CVSS 9.8
CVE-2018-12575 CRITICAL
TP-Link TL-WR841N <v13 - Auth Bypass
CVSS 9.8
CVE-2018-8902 MEDIUM
Ivanti Avalanche 5.3-6.2 - Unauthenticated Sensitive Data Exposure via Shared Encryption Key
CVSS 6.5
CVE-2018-12984 CRITICAL
Hycus CMS 1.0.4 - Authentication Bypass via '=' 'OR' Credentials
CVSS 9.8
CVE-2018-6667 CRITICAL
McAfee Web Gateway 7.8.1.0-7.8.1.5 - Authentication Bypass via JMX
CVSS 10.0
CVE-2018-0528 MEDIUM
Cybozu Office 10.0.0-10.7.0 - Authenticated Authentication Bypass
CVSS 4.3
CVE-2018-12613 HIGH
phpMyAdmin 4.8.x <4.8.2 - Code Injection
CVSS 8.8