When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2018-9148
CRITICAL
Western Digital My Cloud Firmware v04.05.00-320 - Authentication Bypass via Session Token in Filename
CVSS 9.8
CVE-2018-4841
CRITICAL
TIM 1531 IRC Firmware < 1.1 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2018-0195
HIGH
Cisco IOS XE < 16.2.2 - Authenticated REST API Authorization Bypass
CVSS 8.8
CVE-2018-0163
MEDIUM
Cisco IOS - Unauthenticated 802.1x Multi-Auth Bypass
CVSS 6.5
CVE-2018-5451
CRITICAL
Philips Alice 6 System <R8.0.2 - Auth Bypass
CVSS 9.8
CVE-2018-9105
HIGH
NordVPN 3.3.10 - Privilege Escalation via Unprotected XPC Service
CVSS 8.8
CVE-2018-1237
CRITICAL
Dell EMC ScaleIO < 2.5 - Improper Authentication in Light Installation Agent
CVSS 9.8
CVE-2018-9032
CRITICAL
D-Link DIR-850L Firmware 1.02-2.06 - Authentication Bypass via SharePort Web Access Portal
CVSS 9.8
CVE-2018-1312
CRITICAL
Apache HTTP Server 2.2.0-2.4.29 - Improper Authentication via Nonce Generation
CVSS 9.8
CVE-2018-7532
CRITICAL
Geutebruck G-Cam/EFD-2250 and TopFD-2125 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2018-8715
HIGH
Embedthis HTTP <7.0.3 - Auth Bypass
CVSS 8.1
CVE-2018-8710
CRITICAL
WooCommerce Products Filter <2.2.0 - RCE
CVSS 9.8
CVE-2018-6328
CRITICAL
Kaseya Unitrends Backup < 10.1 - Unauthenticated Command Injection via /api/hosts Parameter
CVSS 9.8
CVE-2018-0886
HIGH
Microsoft Windows - Remote Code Execution via CredSSP Authentication
CVSS 7.0
CVE-2018-8096
CRITICAL
Datalust Seq <4.2.605 - Auth Bypass
CVSS 9.8
CVE-2018-7750
CRITICAL
Paramiko <2.4.1 - RCE
CVSS 9.8
CVE-2018-6299
CRITICAL
Hanwha Techwin Smartcams - Authentication Bypass
CVSS 9.8
CVE-2018-6294
CRITICAL
Hanwha Techwin Smartcams - Unauthenticated Firmware Update
CVSS 9.8
CVE-2018-7749
CRITICAL
AsyncSSH < 1.12.1 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2018-7213
CRITICAL
Abine Blur 7.8.242* - Authentication Bypass via Right-Click Context Menu
CVSS 9.8
CVE-2018-7236
HIGH
Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated SSH Service Enablement via /login/bin/set_param
CVSS 8.1
CVE-2018-7228
CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2018-7227
MEDIUM
Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Sensitive Information Exposure via Crafted URL
CVSS 5.3
CVE-2018-1443
MEDIUM
IBM Security Access Manager 9.0.0-9.0.4 & Tivoli Federated Identity Manager 6.0.2-6.2 - SAML User Impersonation
CVSS 5.9
CVE-2018-0087
MEDIUM
Cisco AsyncOS for WSA - Unauthenticated FTP Login via Incorrect Credential Validation
CVSS 5.6
Details
Vulnerabilities: 4,372
Exploit Likelihood: High