CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2016-2012 MEDIUM
HPE Network Node Manager i <10.02 - Auth Bypass
CVSS 6.5
CVE-2016-4422 CRITICAL
libpam-sshauth - Improper Authentication via pam_sm_authenticate Function
CVSS 9.8
CVE-2016-1387 CRITICAL
Cisco TelePresence TC and CE Software - Improper Authentication via XML API
CVSS 9.8
CVE-2016-2300 MEDIUM
Ecava IntegraXor < 4.2.4502 - Unauthenticated Authentication Bypass
CVSS 6.5
CVE-2016-2076 HIGH
VMware vCenter Server 5.5 U3a-U3c and 6.0 < U2 - Session Hijacking via Client Integration Plugin
CVSS 7.6
CVE-2016-0733 CRITICAL
Apache Ranger < 0.5.1 - Unauthenticated Authentication Bypass via Missing Password
CVSS 9.8
CVE-2016-2245 CRITICAL
HP Support Assistant < 8.1.40.3 - Authentication Bypass
CVSS 9.8
CVE-2016-1356 LOW
Cisco FireSIGHT System Software 6.1.0 - Info Disclosure
CVSS 3.7
CVE-2016-1329 CRITICAL
Cisco NX-OS <6.0(2)U6(5)-<6.0(2)A7(1) - Privilege Escalation
CVSS 9.8
CVE-2016-1307 MEDIUM
Cisco Finesse Desktop <11.0.1 - Auth Bypass
CVSS 5.4
CVE-2016-0755 HIGH
curl < 7.47.0 - Improper Authentication via NTLM Proxy Connection Reuse
CVSS 7.3
CVE-2015-10083 MEDIUM
harrystech Dynosaur-Rails - Auth Bypass
CVSS 6.3
CVE-2015-5298 MEDIUM
Google Login Plugin <1.2 - Auth Bypass
CVSS 6.5
CVE-2015-6922 CRITICAL
Kaseya VSA <7.0.0.33, <8.0.0.23, <9.0.0.19, <9.1.0.9 - Unauthenticated RCE via File Write
CVSS 9.8
CVE-2015-0102 HIGH
IBM Workflow for Bluemix - Session Cookie Secure Flag Missing
CVSS 8.1
CVE-2015-7882 HIGH
MongoDB Server <3.0.7 - Privilege Escalation
CVSS 8.1
CVE-2015-4987 MEDIUM
IBM Tealeaf Customer Experience 8.0-9.0.2 - Authentication Bypass
CVSS 6.5
CVE-2015-6926 HIGH
OXID eShop < 4.5.0 - Improper Authentication via OpenID Email Address Spoofing
CVSS 7.5
CVE-2015-6237 CRITICAL
Tripwire IP360 VnE Manager 7.2.2-7.2.6 - Unauthenticated Authentication Bypass via Privileged Commands
CVSS 9.8
CVE-2015-7224 CRITICAL
puppetlabs-mysql 3.1.0-3.6.0 - Authentication Bypass via MySQL User Host Netmask
CVSS 9.8
CVE-2015-1187 CRITICAL KEV
D-Link Routers - Remote Code Execution via ping.ccp
CVSS 9.8
CVE-2015-3442 CRITICAL
Soreco Xpert.Line 3.0 - Privilege Escalation
CVSS 9.8
CVE-2015-7746 CRITICAL
NetApp Data ONTAP <8.2.4 - Auth Bypass
CVSS 9.8
CVE-2015-8332 HIGH
Huawei Video Content Management (VCM) < V100R001C10SPC001 - Privile...
CVSS 8.8
CVE-2015-1401 CRITICAL
TYPO3 ig_ldap_sso_auth <2.0.0 - Auth Bypass
CVSS 9.8
Details
Vulnerabilities 4,372
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits