When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2017-15534
MEDIUM
Norton App Lock < 1.3.0.13 - Authentication Bypass via App Termination
CVSS 6.7
CVE-2017-16242
MEDIUM
MECO USB Memory Stick - Auth Bypass
CVSS 6.8
CVE-2017-17743
MEDIUM
UCOPIA Wireless Appliance Firmware < 4.4.20, 5.0.x < 5.0.19, 5.1.x < 5.1.11 - Privilege Escalation via .bashrc Upload
CVSS 6.7
CVE-2017-14008
CRITICAL
GE Centricity PACS RA1000 - Auth Bypass
CVSS 9.8
CVE-2017-14006
CRITICAL
GE Xeleris - Improper Authentication via Default or Hard-Coded Credentials
CVSS 9.8
CVE-2017-14004
CRITICAL
GE GEMNet License Server - Auth Bypass
CVSS 9.8
CVE-2017-14002
CRITICAL
GE Infinia/Infinia with Hawkeye 4 - Auth Bypass
CVSS 9.8
CVE-2017-2628
CRITICAL
curl < 7.19.7-53 - Improper Authentication
CVSS 9.8
CVE-2017-18223
HIGH
BMC Remedy AR System < 9.1.03 - Improper Authentication
CVSS 8.1
CVE-2017-7638
MEDIUM
QNAP Media Streaming add-on <= 430.1.2.0 - Improper Authentication
CVSS 6.5
CVE-2017-15519
HIGH
SnapCenter 2.0-3.0.1 - Unauthenticated Data Access and Modification via Plug-in for NAS File Services
CVSS 7.2
CVE-2017-9285
MEDIUM
NetIQ eDirectory <9.0 SP4 - Privilege Escalation
CVSS 5.4
CVE-2017-5189
MEDIUM
NetIQ iManager <3.0.3 - Info Disclosure
CVSS 4.3
CVE-2017-12549
MEDIUM
HP System Management Homepage < 7.6.1 - Local Authentication Bypass
CVSS 5.6
CVE-2017-17161
MEDIUM
Huawei <Duke-L09C10B186 - Auth Bypass
CVSS 6.8
CVE-2017-15351
MEDIUM
Huawei Honor V9 Play Firmware < Jimmy-AL00AC00B135 - Authentication Bypass in Find Phone Function
CVSS 6.8
CVE-2017-18179
HIGH
Progress Sitefinity 9.1 - Improper Authentication via Non-Expiring Access Token
CVSS 8.8
CVE-2017-0911
MEDIUM
Twitter Kit for iOS <3.2.1 - Open Redirect
CVSS 5.4
CVE-2017-6199
CRITICAL
sandstorm < 0.203 - Unauthenticated Organization Restriction Bypass via Email-Address Field Comma Injection
CVSS 9.8
CVE-2017-2297
HIGH
Puppet Enterprise <2016.4.5-2017.2.1 - Info Disclosure
CVSS 7.5
CVE-2017-16858
MEDIUM
Atlassian Crowd <3.1.2 - Auth Bypass
CVSS 6.8
CVE-2017-1000354
HIGH
Jenkins <2.56-<2.46.1 LTS - Privilege Escalation
CVSS 8.8
CVE-2017-1783
MEDIUM
IBM Cognos Analytics 11.0 - Improper Authentication
CVSS 4.0
CVE-2017-14698
CRITICAL
ASUS DSL Router Firmware - Unauthenticated Password Change via http_passwd Parameter
CVSS 9.8
CVE-2017-15135
HIGH
389 Directory Server 1.3.6.1-1.4.0.3 - Unauthenticated Authentication Bypass via Internal Hash Comparison
CVSS 8.1
Details
Vulnerabilities: 4,372
Exploit Likelihood: High