CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-15295 CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Arbitrary File Access
CVSS 9.8
CVE-2017-15293 CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2017-10623 HIGH
Juniper Networks Junos Space < 17.1R1 - Unauthenticated Cluster Message Interception and Injection
CVSS 7.1
CVE-2017-10622 CRITICAL
Juniper Junos Space 16.1-16.1R3 and 17.1R1 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2017-5791 CRITICAL
HPE Intelligent Management Center PLAT 7.2 E0403P06 - Authentication Bypass via URI Manipulation
CVSS 9.8
CVE-2017-14003 CRITICAL
LAVA ESL <6.01.00-29.03.2007 - Auth Bypass
CVSS 9.8
CVE-2017-14972 HIGH
InFocus Mondopad 2.2.08 - Authentication Bypass via Task Manager
CVSS 7.5
CVE-2017-14000 CRITICAL
Ctek SkyRouter <V6.00.11 - Auth Bypass
CVSS 9.4
CVE-2017-13995 CRITICAL
iniNet Solutions iniNet Webserver <V2.02.0100 - Auth Bypass
CVSS 10.0
CVE-2017-1000110 MEDIUM
Blue Ocean < 1.1.5 - Improper Authentication in GitHub Organization Folder Configuration
CVSS 4.3
CVE-2017-1000106 HIGH
Blue Ocean < 1.1.5 - Unauthenticated Arbitrary Commit and File Read via SCM Content REST API
CVSS 8.5
CVE-2017-12819 CRITICAL
Sentinel LDK RTE < 7.55 - Improper Authentication via Language Pack Updater
CVSS 9.8
CVE-2017-13984 MEDIUM
HPE BSM <9.26-9.40 - Path Traversal
CVSS 6.5
CVE-2017-13983 CRITICAL
HPE BSM Platform APM System Health 9.26, 9.30, 9.40 - Authentication Bypass
CVSS 9.8
CVE-2017-12236 CRITICAL
Cisco IOS XE 3.2-16.5 - Unauthenticated Authentication Bypass via LISP Map-Registration Request
CVSS 9.8
CVE-2017-12229 CRITICAL
Cisco IOS XE 3.1-16.5 - Unauthenticated Authentication Bypass via REST API
CVSS 9.8
CVE-2017-14766 HIGH
WordPress Simple Student Result <1.6.4 - Auth Bypass
CVSS 7.5
CVE-2017-5192 HIGH
SaltStack Salt < 2015.8.13, 2016.3.x < 2016.3.5, 2016.11.x < 2016.11.2 - Authentication Bypass via local_batch Client
CVSS 8.8
CVE-2017-14602 HIGH
Citrix NetScaler <11.1.55.13 - Privilege Escalation
CVSS 7.2
CVE-2017-14706 CRITICAL
DenyAll WAF <6.4.1 - Info Disclosure
CVSS 9.8
CVE-2017-14080 CRITICAL
Trend Micro Mobile Security <9.7.3 - Auth Bypass
CVSS 9.8
CVE-2017-14623 HIGH
go-ldap < 2.5.0 - Improper Authentication via Empty Password
CVSS 8.1
CVE-2017-10784 HIGH
Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Command Injection via WEBrick Basic Authentication
CVSS 8.8
CVE-2017-9803 HIGH
Apache Solr 6.2.0-6.6.0 - Privilege Escalation via Kerberos Delegation Token Configuration
CVSS 7.5
CVE-2017-14243 CRITICAL
UTStar WA3002G4 ADSL Broadband Modem - Auth Bypass
CVSS 9.8