CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-7941 HIGH
Huawei iBMC V200R002C60 - Auth Bypass
CVSS 8.8
CVE-2018-7940 MEDIUM
Huawei Mate 10/Mate 10 Pro <8.0.0.129 - Auth Bypass
CVSS 6.2
CVE-2018-6020 MEDIUM
Silex SD-320AN <2.01, GEH-SD-320AN <GEH-1.1, GEH-500 <1.54, SX-500 - Unauthenticated System Settings Modification
CVSS 6.5
CVE-2018-10683 CRITICAL
WildFly 10.1.2.Final - Unauthenticated Access via Missing Security Realm
CVSS 9.8
CVE-2018-10682 CRITICAL
WildFly 10.1.2.Final - Unauthenticated Remote Code Execution via Administration Panel
CVSS 9.8
CVE-2018-10641 HIGH
D-Link DIR-601 A1 1.02NA - Info Disclosure
CVSS 8.1
CVE-2018-10561 CRITICAL KEV
Dasan GPON Router Firmware - Authentication Bypass via URL Parameter Injection
CVSS 9.8
CVE-2018-0247 MEDIUM
Cisco Wireless LAN Controller & Aironet AP Software - WebAuth Authentication Bypass
CVSS 4.7
CVE-2018-10544 CRITICAL
Meross MSS110 <1.1.24 - Info Disclosure
CVSS 9.8
CVE-2018-9232 HIGH
T&W WIFI Repeater BE126 - Unauthenticated Firmware Update via Crafted Firmware
CVSS 7.8
CVE-2018-10576 HIGH
WatchGuard AP100-AP200 <1.2.9.15 - Auth Bypass
CVSS 7.8
CVE-2018-1418 HIGH
IBM Security QRadar SIEM <7.4 - Auth Bypass
CVSS 8.8
CVE-2018-1112 HIGH
glusterfs <3.10.12, 4.0.2 - Auth Bypass
CVSS 8.0
CVE-2018-10362 CRITICAL
phpLiteAdmin <1.9.7.1 - Info Disclosure
CVSS 9.8
CVE-2018-1106 MEDIUM
PackageKit < 1.1.10 - Unauthenticated Package Installation via Signed Package Bypass
CVSS 5.5
CVE-2018-6960 HIGH
VMware Horizon DaaS 7.x < 8.0.0 - Authenticated Two-Factor Authentication Bypass
CVSS 8.8
CVE-2018-0238 CRITICAL
Cisco Unified Computing System Director 6.0-6.5 - Authenticated Info Disclosure & VM Management
CVSS 9.9
CVE-2018-7760 CRITICAL
Schneider Electric Modicon M340 Premium Quantum PLC BMXNOR0200 - Authorization Bypass via CGI Function Requests
CVSS 9.8
CVE-2018-6547 CRITICAL
plays.tv < 1.27.7.0 - Unauthenticated Arbitrary File Write via HTTP Message Parsing
CVSS 9.1
CVE-2018-6546 CRITICAL
plays.tv < 1.27.7.0 - Unauthenticated Remote Code Execution via execute_installer Parameter
CVSS 9.8
CVE-2018-1082 HIGH
Moodle 3.3.0-3.3.4 and 3.4.0-3.4.1 - Improper Authentication
CVSS 8.1
CVE-2018-6873 CRITICAL
auth0.js < 8.10.1 - Improper Authentication via JWT Audience Validation Bypass
CVSS 9.8
CVE-2018-9249 CRITICAL
FiberHome VDSL2 Modem HG 150-UB Firmware - Authentication Bypass via JavaScript Location Ignore
CVSS 9.8
CVE-2018-9248 CRITICAL
FiberHome VDSL2 Modem HG 150-UB Firmware - Authentication Bypass via Cookie Header
CVSS 9.8
CVE-2018-3822 CRITICAL
X-Pack Security 6.2.0-6.2.2 - User Impersonation via XML Canonicalization and DOM Traversal
CVSS 9.8