CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-2659 MEDIUM
dropbear_ssh < 2013.59 - Improper Authentication via GSSAPI Username Validation
CVSS 5.3
CVE-2017-13889 CRITICAL
macOS High Sierra < 10.13.3 - Improper Authentication via Credential Validation Logic Error
CVSS 9.8
CVE-2017-3912 MEDIUM
McAfee MACC <7.0.1,6.2.0 - Command Injection
CVSS 4.4
CVE-2017-2872 HIGH
Foscam C1 Indoor HD Camera 2.52.2.43 - Unauthenticated Firmware Upgrade and Command Execution via Crafted Image
CVSS 7.2
CVE-2017-14026 HIGH
Ice Qube Thermal Mgmt Ctr <4.13 - Info Disclosure
CVSS 7.5
CVE-2017-9820 CRITICAL
BHIM 1.3 - Improper Authentication via Accessibility Service
CVSS 9.8
CVE-2017-9819 CRITICAL
BHIM 1.3 - Improper Authentication via OTP Feature
CVSS 9.8
CVE-2017-16348 HIGH
Insteon Hub Firmware 1012 - Unauthenticated Denial of Service via UDP Packet
CVSS 7.5
CVE-2017-16748 CRITICAL
Niagara <3.8 - Privilege Escalation
CVSS 9.8
CVE-2017-2652 HIGH
Jenkins Distributed Fork < 1.5.0 - Authenticated Remote Code Execution via dist-fork CLI Command
CVSS 8.8
CVE-2017-12195 MEDIUM
Openshift Container Platform - Authentication Bypass via Elasticsearch Plugin
CVSS 6.5
CVE-2017-7562 MEDIUM
Red Hat Enterprise Linux - Authentication Bypass via Improper Certificate Validation
CVSS 6.5
CVE-2017-12610 MEDIUM
Apache Kafka 0.10.0.0-0.10.2.1 and 0.11.0.0-0.11.0.1 - Authenticated Impersonation via SASL/PLAIN or SASL/SCRAM
CVSS 6.8
CVE-2017-2638 MEDIUM
Infinispan < 9.0.0 - Unauthenticated Data Access via REST API
CVSS 6.5
CVE-2017-7931 CRITICAL
ABB IP Gateway Firmware < 3.39 - Unauthenticated Configuration File Access
CVSS 9.8
CVE-2017-7639 MEDIUM
QNAP NAS Proxy Server < 1.3.0 - Improper Authentication
CVSS 5.3
CVE-2017-16025 MEDIUM
hapijs nes < 6.4.0 - Denial of Service via Invalid Cookie Header
CVSS 5.9
CVE-2017-9421 MEDIUM
Accellion kiteworks <2017.01.00 - Auth Bypass
CVSS 6.5
CVE-2017-2604 MEDIUM
Jenkins <2.44 - Privilege Escalation
CVSS 4.3
CVE-2017-3775 MEDIUM
Lenovo System x server < - Privilege Escalation
CVSS 6.4
CVE-2017-12712 HIGH
Abbott Pacemaker Firmware - Improper Authentication via RF Communications
CVSS 8.8
CVE-2017-12196 MEDIUM
undertow <1.4.18.SP1-2.0.2.Final - SSRF
CVSS 4.8
CVE-2017-2871 HIGH
Foscam C1 Indoor HD Camera 2.52.2.43 - Unauthenticated Firmware Recovery Bypass
CVSS 8.8
CVE-2017-0356 CRITICAL
ikiwiki < 3.20170111 - Authentication Bypass via Repeated Parameters
CVSS 9.8
CVE-2017-14911 CRITICAL
Qualcomm MDM9206 and Snapdragon Firmware - Improper Authentication in XBL Loader
CVSS 9.8