CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-15531 CRITICAL
Symantec Reporter 9.5-9.5.4.1 and 10.1-10.1.5.5 - Unauthenticated Brute Force Attack via Management Interface
CVSS 9.8
CVE-2017-16590 HIGH
NetGain Systems Enterprise Manager 7.2.699 - Auth Bypass
CVSS 8.8
CVE-2017-3765 HIGH
Lenovo/IBM RackSwitch/BladeCenter - Auth Bypass
CVSS 7.0
CVE-2017-12695 HIGH
GM Shanghai OnStar iOS Client 7.1 - Improper Authentication
CVSS 8.8
CVE-2017-15883 CRITICAL
Progress Sitefinity 5.1-10.x - Authentication Bypass via Weak Cryptography
CVSS 9.8
CVE-2017-15548 CRITICAL
EMC Avamar Server 7.1.x-7.5.0 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2017-1000489 HIGH
Mautic 2.0.0-2.11.0 - Improper Authentication with Disabled User Login
CVSS 8.1
CVE-2017-1000433 HIGH
pysaml2 < 4.4.0 - Improper Authentication via Python Optimization Mode
CVSS 8.1
CVE-2017-17777 CRITICAL
Paid To Read Script 2.0.5 - Authentication Bypass via Direct Admin Panel Request
CVSS 9.8
CVE-2017-17560 CRITICAL
Western Digital MyCloud PR4100 2.30.172 - Unauthenticated Arbitrary File Write and RCE via Multi Uploadify
CVSS 9.8
CVE-2017-16689 HIGH
SAP Kernel 7.21-7.22, 7.21EXT, 7.22EXT, 7.45, 7.49 - Improper Authentication in Trusted RFC Connection
CVSS 8.8
CVE-2017-16684 CRITICAL
SAP Business Intelligence <4.30 - Auth Bypass
CVSS 9.8
CVE-2017-17430 CRITICAL
Sangoma NetBorder / Vega Session Controller - Remote Code Execution via Web Interface
CVSS 9.8
CVE-2017-17435 HIGH
Vaultek VT20i Firmware - Unauthenticated Remote Unlock via BLE Authorization Bypass
CVSS 8.8
CVE-2017-14018 MEDIUM
Johnson & Johnson Ethicon Endo-Surgery Generator Gen11 - Auth Bypass
CVSS 4.8
CVE-2017-16953 HIGH
ZTE ZXDSL 831CII Firmware - Unauthenticated Configuration Modification via connoppp.cgi
CVSS 7.5
CVE-2017-10903 CRITICAL
Princeton PTW-WMS1 Firmware 2.000.012 - Improper Authentication
CVSS 9.8
CVE-2017-14377 CRITICAL
EMC RSA Authentication Agent for Web - Auth Bypass
CVSS 9.8
CVE-2017-13872 HIGH
Apple <macOS High Sierra - Privilege Escalation
CVSS 8.1
CVE-2017-9316 MEDIUM
Dahua NVR11HS and IPC-HDW4300S Firmware - Authentication Bypass via Debug Function
CVSS 6.5
CVE-2017-0910 HIGH
Zulip Server <1.7.1 - Privilege Escalation
CVSS 8.8
CVE-2017-8028 HIGH
Spring-LDAP 1.3.0-2.3.1 - Improper Authentication via DefaultTlsDirContextAuthenticationStrategy
CVSS 8.1
CVE-2017-8214 MEDIUM
Huawei Multiple Models Firmware - Unauthenticated Unlock Code Verification Bypass
CVSS 6.2
CVE-2017-8195 HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV) - Authenticated Improper Authentication via REST Message
CVSS 8.8
CVE-2017-8194 HIGH
FusionSphere OpenStack >=V100R006C00SPC102(NFV) - Authenticated Improper Authentication via REST Message
CVSS 8.8