CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-7920 HIGH
ABB VSN300 WiFi Logger Card <=1.8.15 & VSN300 for React <=2.1.3 - Unauthenticated Information Disclosure
CVSS 7.5
CVE-2017-6747 CRITICAL
Cisco Identity Services Engine 1.3-2.1.0 - Unauthenticated Authentication Bypass via External User Matching
CVSS 9.8
CVE-2017-9860 CRITICAL
SMA Solar Technology - Privilege Escalation
CVSS 9.8
CVE-2017-9857 HIGH
SMA Solar Technology - Info Disclosure
CVSS 8.1
CVE-2017-10817 CRITICAL
MaLion 5.0.0-5.2.1 - Unauthenticated Authentication Bypass in Relay Service Server
CVSS 9.8
CVE-2017-10815 HIGH
MaLion for Windows/Mac <=5.2.1 - Unauthenticated Remote Command Execution
CVSS 8.1
CVE-2017-9475 MEDIUM
Comcast XFINITY WiFi Home Hotspot - Info Disclosure
CVSS 5.9
CVE-2017-11645 CRITICAL
NetComm Wireless 4GT101W - Info Disclosure
CVSS 9.8
CVE-2017-2126 CRITICAL
WAPM-1166D <1.2.7 & WAPM-APG600H <1.16.1 - Auth Bypass
CVSS 9.8
CVE-2017-6530 CRITICAL
Televes COAXDATA GATEWAY 1Gbps Firmware 4.20 - Unauthenticated Password Change
CVSS 9.8
CVE-2017-8006 MEDIUM
RSA Authentication Manager <= 8.2 SP1 Patch 1 - Authenticated PIN Brute Force in Self-Service Console
CVSS 5.9
CVE-2017-2341 HIGH
Juniper Networks Junos OS <14.1X53-D40 - Privilege Escalation
CVSS 8.8
CVE-2017-10601 CRITICAL
Junos OS Multiple Versions - Unauthenticated Authentication Bypass via Commit Failure
CVSS 9.8
CVE-2017-1000071 HIGH
Jasig phpCAS 1.3.4 - Authentication Bypass via validateCAS20 Function
CVSS 8.1
CVE-2017-1000068 HIGH
TestTrack Server <1.0 - Privilege Escalation
CVSS 7.5
CVE-2017-1000030 CRITICAL
Oracle GlassFish Server Open Source Edition 3.0.1 - Info Disclosure
CVSS 9.8
CVE-2017-1000020 CRITICAL
eCos Embedded Web Servers < 1.3.1 - Unauthenticated Authentication Bypass via SYN/FIN Flood
CVSS 9.8
CVE-2017-8495 HIGH
Microsoft Windows - Kerberos SNAME Security Feature Bypass
CVSS 7.5
CVE-2017-5640 CRITICAL
Apache Impala 2.7.0-2.8.0 - Improper Authentication via Early SASL Handshake Completion
CVSS 9.8
CVE-2017-7660 HIGH
Apache Solr 5.3.0-5.5.4 and 6.0-6.5.1 - Improper Authentication via Malicious Node Name
CVSS 7.5
CVE-2017-6868 HIGH
Siemens SIMATIC CP - Improper Authentication
CVSS 8.1
CVE-2017-2186 HIGH
HOME SPOT CUBE2 <V101 - Auth Bypass
CVSS 8.8
CVE-2017-7405 CRITICAL
D-Link DIR-615 <20.12PTb04 - Privilege Escalation
CVSS 9.8
CVE-2017-6711 CRITICAL
Cisco Ultra Services Framework - Unauthorized Access
CVSS 9.1
CVE-2017-1264 HIGH
IBM Security Guardium 10.0 - Improper Authentication
CVSS 7.5