Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287

Cisco IOS 15.2-15.5 and IOS XE 3.6E-3.14S - Improper Authentication via SSHv2 RSA

Impero Education Pro < 5008 - Improper Authentication via Hardcoded Credential

Cisco Identity Services Engine 1.2(0.899) - Information Disclosure via Guest Portal Uploaded HTML Documents

Apple OS X <10.10.5 - Privilege Escalation

Symantec Endpoint Protection Manager <12.1-RU6-MP1 - Auth Bypass

Webservice-DIC yoyaku_v41 - Auth Bypass

OpenEMR 2.x-4.x - Unauthenticated Authentication Bypass via ignoreAuth Parameter

unattended-upgrades <0.86.1 - Man-in-the-Middle

Magento CE/EE <1.9.1.0-1.14.1.0 - Auth Bypass

HP TippingPoint SMS and vSMS < 4.2 - Unauthenticated Remote Code Execution via JBoss RMI

Siemens WinCC < 13.0 - Improper Authentication via Password Hash

IBM General Parallel File System 3.4-3.4.0.32, 3.5-3.5.0.24, 4.1-4.1.0.7 - Unauthenticated Remote Code Execution

Cisco Small Business IP Phones SPA 300/500 7.5.5 - Unauthenticated Remote Audio Stream Access

Cisco Expressway/TelePresence Unauthenticated Authentication Bypass via Crafted Login

Cisco IOS - Authentication Bypass via Invalid AAA Return Code Handling

TYPO3 4.3.0-4.3.14, 4.4.0-4.4.15, 4.5.0-4.5.39, 4.6.0-4.6.18 - Authentication Bypass via RSAAuth

Infoblox NetMRI < 6.8.2.11 - Remote Code Execution via Anyterm Daemon

CVE-2014-125060 HIGH

collabcal < 2014-12-09 - Improper Authentication in handleGet Function

CVE-2014-9320 CRITICAL

SAP BusinessObjects Edge 4.1 - Privilege Escalation

CVE-2014-3879 CRITICAL

FreeBSD < 9.2 - Authentication Bypass via Missing Policy Include Directive

CVE-2014-4198 CRITICAL

BS-Client Private Client <2.6 - Auth Bypass

CVE-2014-9753 CRITICAL

ATutor < 2.2 - Unauthenticated Authentication Bypass via auto_login Parameter

CVE-2014-8347 HIGH

Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04 - Authentication Bypass via MatchPasswordData Function

CVE-2014-5081 CRITICAL

sphider < 1.3.6, sphider-pro < 3.2, sphider-plus < 3.2 - Authentication Bypass

CVE-2014-2651 CRITICAL

Unify OpenStage/OpenScape Desk Phone IP <V3 R3.11.0 - Auth Bypass

Previous Page 134 of 175 Next

Details

Vulnerabilities 4,372

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy