CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-0362 MEDIUM
Cisco 5400 Enterprise Network Compute... - Authentication Bypass
CVSS 4.3
CVE-2018-12446 LOW
com.dropbox.android 98.2.2 - Auth Bypass
CVSS 3.6
CVE-2018-12445 LOW
com.dropbox.android 98.2.2 - Auth Bypass
CVSS 3.1
CVE-2018-9024 MEDIUM
Broadcom Privileged Access Manager 2.x - Improper Authentication
CVSS 5.3
CVE-2018-1085 CRITICAL
OpenShift Container Platform < 3.9.31 - Improper Authentication via Misconfigured etcd.conf
CVSS 9.0
CVE-2018-12271 MEDIUM
com.getdropbox.Dropbox app <100.2 - Auth Bypass
CVSS 6.4
CVE-2018-11407 CRITICAL
Symfony 2.8.0-2.8.36 - Unauthenticated Authentication Bypass via Empty LDAP Password
CVSS 9.8
CVE-2018-12049 CRITICAL
Canon LBP6030w Firmware - Unauthenticated System Manager Mode Bypass via /checkLogin.cgi
CVSS 9.8
CVE-2018-12048 CRITICAL
Canon LBP7110Cw Firmware - Unauthenticated Management Mode Bypass via /checkLogin.cgi
CVSS 9.8
CVE-2018-0321 CRITICAL
Cisco Prime Collaboration < 11.6 - Unauthenticated Remote Code Execution via Open RMI Port
CVSS 9.8
CVE-2018-0319 CRITICAL
Cisco Prime Collaboration Provisioning < 11.6 - Unauthenticated Password Recovery Bypass
CVSS 9.8
CVE-2018-0318 CRITICAL
Cisco Prime Collaboration Provisioning < 11.6 - Unauthenticated Password Reset
CVSS 9.8
CVE-2018-10597 HIGH
IntelliVue MP Series - Memory Corruption
CVSS 8.3
CVE-2018-7943 HIGH
Huawei Server Firmware - Authentication Bypass via Special Operations
CVSS 8.8
CVE-2018-10611 CRITICAL
GE MDS PulseNET < 3.2.1 - Unauthenticated Remote Code Execution via Java RMI
CVSS 9.8
CVE-2018-11711 CRITICAL
Canon MF210 and MF220 Firmware - Unauthenticated System Manager Mode Bypass via Portal Top Page
CVSS 9.8
CVE-2018-11692 CRITICAL
Canon LBP3370, LBP3460, LBP7750C, and LBP6650 Firmware - Unauthenticated Administrator Mode Bypass via DevStatus Page
CVSS 9.8
CVE-2018-7949 HIGH
Huawei Server iBMC - Privilege Escalation via Improper Authentication
CVSS 8.8
CVE-2018-11579 MEDIUM
WooCommerce Category Banner Management 1.1.0 - Unauthenticated Settings Change
CVSS 5.3
CVE-2018-11478 HIGH
Vgate iCar 2 Wi-Fi OBD2 Dongle - Unauthenticated Improper Authentication
CVSS 8.8
CVE-2018-8862 LOW
ATI Systems - Auth Bypass
CVSS 3.1
CVE-2018-8898 CRITICAL
D-Link DSL-3782 Firmware - Unauthenticated Authentication Bypass in Login Panel
CVSS 9.8
CVE-2018-0271 CRITICAL
Cisco Digital Network Architecture Center < 1.1.2 - Unauthenticated Authentication Bypass via URL Normalization Issue
CVSS 9.8
CVE-2018-10825 MEDIUM
Mimo Baby 2 Firmware - Unauthenticated Fake Data Injection via BLE Replay or Spoofing
CVSS 5.3
CVE-2018-6617 HIGH
Easy Hosting Control Panel 0.37.12.b - Unauthenticated Password Change via MySQL Local Server
CVSS 7.8
Details
Vulnerabilities 4,372
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits