CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-1002024 MEDIUM
Kind Editor <4.1.12 - Unauthenticated RCE
CVSS 4.3
CVE-2017-1520 LOW
IBM DB2 9.7, 10.1, 10.5, and 11.1 - Improper Authentication
CVSS 3.7
CVE-2017-14337 HIGH
MISP < 2.4.80 - Unauthenticated Arbitrary User Access via CertAuth with External API
CVSS 8.1
CVE-2017-7650 MEDIUM
Mosquitto < 1.4.12 - Improper Authentication via Username/Client ID Bypass
CVSS 6.5
CVE-2017-7649 CRITICAL
Eclipse Kura < 2.1.0 - Unauthenticated Remote Command Execution via Equinox Console
CVSS 9.8
CVE-2017-12225 MEDIUM
Cisco Prime LAN Management Solution - Session Fixation
CVSS 6.5
CVE-2017-12213 MEDIUM
Cisco IOS XE on Catalyst 4000 - Unauthenticated 802.1x Bypass via Dynamic ACL
CVSS 4.3
CVE-2017-14147 CRITICAL
FiberHome User End Router AN1020-25 - Info Disclosure
CVSS 9.8
CVE-2017-14117 MEDIUM
AT&T U-verse Firmware 9.2.2h0d83 - Unauthenticated Intranet Proxy Access via WAN Port 49152
CVSS 5.9
CVE-2017-14032 HIGH
ARM mbed TLS < 1.3.21 and 2.x < 2.1.9 - Authentication Bypass via X.509 Certificate Chain
CVSS 8.1
CVE-2017-12698 CRITICAL
Advantech WebAccess < 8.2 - Authentication Bypass
CVSS 9.8
CVE-2017-7934 MEDIUM
OSIsoft PI Server 2017 PI Data Archive < 2017 - Improper Authentication via PI Network Manager
CVSS 5.9
CVE-2017-7930 HIGH
OSIsoft PI Server 2017 PI Data Archive < 2017 - Improper Authentication
CVSS 7.4
CVE-2017-7557 HIGH
dnsdist 1.1.0 - Improper Authentication for REST API
CVSS 8.8
CVE-2017-7420 CRITICAL
Micro Focus Enterprise Developer & Server <2.3 - Auth Bypass
CVSS 9.8
CVE-2017-6781 MEDIUM
Cisco Policy Suite - Privilege Escalation
CVSS 5.3
CVE-2017-7546 CRITICAL
PostgreSQL <9.2.22-9.6.4 - Privilege Escalation
CVSS 9.8
CVE-2017-9370 HIGH
BlackBerry Workspaces Server - Info Disclosure/Privilege Escalation
CVSS 8.8
CVE-2017-11151 CRITICAL
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unauthenticated Arbitrary File Upload via synotheme_upload.php
CVSS 9.8
CVE-2017-9939 CRITICAL
Siemens SiPass integrated < V2.70 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2017-6871 MEDIUM
Siemens SIMATIC WinCC Sm@rtClient - Auth Bypass
CVSS 5.4
CVE-2017-6869 CRITICAL
Siemens ViewPort for Web Office Portal <1453 - RCE
CVSS 9.8
CVE-2017-12478 CRITICAL
Unitrends UEB - HTTP API Remote Code Execution
CVSS 9.8
CVE-2017-12477 CRITICAL
Unitrends UEB - bpserverd Authentication Bypass RCE
CVSS 9.8
CVE-2017-9630 CRITICAL
PDQ Manufacturing - Improper Authentication
CVSS 9.4