CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,354 vulnerabilities with CWE-287
CVE-2024-14034 CRITICAL
Hirschmann HiEOS Authentication Bypass via HTTP Management Module
CVSS 9.8
CVE-2024-21635 HIGH
memos <= 0.18.1 - Improper Authentication via Persistent Access Tokens
CVSS 7.5
CVE-2024-40653 HIGH
Android - Local Privilege Escalation via ConnectionServiceWrapper Logic Error
CVSS 7.3
CVE-2024-52786 CRITICAL
Anji-plus AJ-Report <1.4.2 - Auth Bypass
CVSS 9.8
CVE-2024-50645 CRITICAL
MallChat v1.0-SNAPSHOT - Auth Bypass
CVSS 9.8
CVE-2024-50644 CRITICAL
zhisheng17 blog 3.0.1-SNAPSHOT - Auth Bypass
CVSS 9.8
CVE-2024-50641 HIGH
PandoraNext-TokensTool <0.6.8 - Auth Bypass
CVSS 8.1
CVE-2024-50640 CRITICAL
jeewx-boot 1.3 - Authentication Bypass via preHandle Function
CVSS 9.8
CVE-2024-57491 HIGH
jobx <= 1.0.1-RELEASE - Authentication Bypass via preHandle Function
CVSS 8.8
CVE-2024-12310 HIGH
Imprivata Enterprise Access Mgmt <24.2 - Auth Bypass
CVE-2024-6107 CRITICAL
Canonical Metal as a Service 3.1.0-3.1.3 - Unauthenticated RPC Command Execution via Malicious Client
CVSS 9.6
CVE-2024-51767 HIGH
HPE AutoPass License Server <9.17 - Auth Bypass
CVSS 7.3
CVE-2024-6174 HIGH
cloud-init < 25.1.3 - Unauthenticated Root Access via Hardcoded Local IP URL
CVSS 8.8
CVE-2024-45347 CRITICAL
Xiaomi Mi Connect Service APP - Info Disclosure
CVSS 9.6
CVE-2024-38825 MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Improper Authentication in PKI Module
CVSS 6.4
CVE-2024-38822 LOW
Salt Master <unknown - Privilege Escalation
CVSS 2.7
CVE-2024-13088 HIGH
QHora - Auth Bypass
CVSS 7.8
CVE-2024-7487 MEDIUM
WSO2 Identity Server 7.0.0 - Improper Authentication via Invalid Object Bypass
CVSS 5.8
CVE-2024-41199 HIGH
Ocuco Innovation JOBMANAGER.EXE 2.10.24.16 - Unauthenticated Privilege Escalation via Crafted TCP Packet
CVSS 7.2
CVE-2024-41198 CRITICAL
Ocuco Innovation REPORTS.EXE 2.10.24.13 - Authentication Bypass and Privilege Escalation via Crafted TCP Packet
CVSS 9.8
CVE-2024-41197 CRITICAL
Ocuco Innovation INVCLIENT.EXE 2.10.24.5 - Authentication Bypass and Privilege Escalation via Crafted TCP Packet
CVSS 9.8
CVE-2024-41196 CRITICAL
Ocuco Innovation REPORTSERVER.EXE 2.10.24.13 - Authentication Bypass and Privilege Escalation via Crafted TCP Packet
CVSS 9.8
CVE-2024-41195 CRITICAL
Ocuco Innovation - Authentication Bypass and Privilege Escalation via Crafted TCP Packet
CVSS 9.8
CVE-2024-11186 CRITICAL
Arista CloudVision Portal - Privilege Escalation
CVSS 10.0
CVE-2024-11917 HIGH
JobSearch WP Job Board <2.9.2 - Auth Bypass
CVSS 8.1
Details
Vulnerabilities 4,354
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits