CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2016-9497 HIGH
Hughes HN7740S DW7000 HN7000S/SM Firmware - Unauthenticated Authentication Bypass via Telnet Port 1953
CVSS 8.8
CVE-2016-9482 CRITICAL
PHP FormMail Generator - Unauthenticated Authentication Bypass via Direct Admin Panel Access
CVSS 9.8
CVE-2016-6549 MEDIUM
nutspace nut_mobile - Unauthenticated Bluetooth Pairing
CVSS 4.3
CVE-2016-6544 HIGH
iTrack Easy - Unauthenticated GPS Data Modification via cmd:setothergps Parameter
CVSS 7.5
CVE-2016-6541 HIGH
TrackR Bravo Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Unauthenticated Pairing
CVSS 8.8
CVE-2016-10532 CRITICAL
console-io < 2.2.13 - Unauthenticated Remote Command Execution via WebSocket
CVSS 9.8
CVE-2016-10525 CRITICAL
hapi-auth-jwt2 5.1.1 - Unauthenticated Authentication Bypass via 'try' Mode
CVSS 9.8
CVE-2016-10434 HIGH
Qualcomm SD 820 and SD 820A Firmware - Improper Authentication in RPMB Write Response Handling
CVSS 7.5
CVE-2016-9646 MEDIUM
ikiwiki < 3.20161229 - Commit Metadata Forgery via CGI::FormBuilder->field Method
CVSS 5.3
CVE-2016-8380 HIGH
Phoenix Contact ILC PLCs - Info Disclosure
CVSS 7.3
CVE-2016-8371 HIGH
Phoenix Contact ILC PLCs - Info Disclosure
CVSS 7.3
CVE-2016-9880 CRITICAL
GemFire for Pivotal Cloud Foundry 1.6.0-1.6.4 and 1.7.0 - Unauthenticated Cluster Access via API Endpoints
CVSS 9.8
CVE-2016-5791 CRITICAL
JanTek JTC-200 Firmware - Unauthenticated BusyBox Shell Access via TELNET
CVSS 9.8
CVE-2016-8937 CRITICAL
IBM Spectrum Protect <8.1 - Info Disclosure
CVSS 9.8
CVE-2016-4460 CRITICAL
Apache Pony Mail 0.6c-0.8b - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2016-2102 MEDIUM
HAProxy - Unauthenticated Access to Statistics
CVSS 5.3
CVE-2016-8951 HIGH
IBM Emptoris Strategic Supply Management Platform <10.1.1.x - DoS
CVSS 7.5
CVE-2016-7836 CRITICAL KEV
SKYSEA Client View <= 11.221.03 - Remote Code Execution via Authentication Bypass
CVSS 9.8
CVE-2016-4863 MEDIUM
Toshiba FlashAir - Unauthenticated Data Exposure via Internet Pass-Thru Mode
CVSS 4.3
CVE-2016-1219 CRITICAL
Cybozu Garoon < 4.2.1 - Authentication Bypass via API
CVSS 9.8
CVE-2016-5410 MEDIUM
firewalld < 0.4.3.3 - Unauthenticated Firewall Configuration Modification via D-Bus API
CVSS 5.5
CVE-2016-1908 CRITICAL
OpenSSH <7.2 - Privilege Escalation
CVSS 9.8
CVE-2016-5068 CRITICAL
Sierra Wireless GX 440 ALEOS Firmware 4.3.2 - Unauthenticated Improper Authentication via Embedded_Ace_Get_Task.cgi
CVSS 9.8
CVE-2016-10309 CRITICAL
Ceragon FibeAir IP-10 Firmware < 7.1.0 - Unauthenticated Authentication Bypass via ALBATROSS Cookie
CVSS 9.8
CVE-2016-9463 HIGH
Nextcloud Server <9.0.54/10.0.1 & ownCloud Server <9.1.2/9.0.6/8.2.9 - SMB Auth Bypass
CVSS 8.1