When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,355 vulnerabilities with CWE-287
CVE-2024-11917 [HIGH, CVSS 8.1] JobSearch WP Job Board <2.9.2 - Auth Bypass
CVE-2024-44843 [MEDIUM, CVSS 5.9] SteVe 3.7.1 - Improper Authentication via Crafted OCPP Requests
CVE-2024-13804 [CRITICAL, CVSS 9.8] HPE Insight Cluster Management Utility - RCE
CVE-2024-57490 [HIGH, CVSS 7.7] ioffice20 - Unauthenticated Improper Authentication
CVE-2024-56336 [CRITICAL, CVSS 9.8] Siemens SINAMICS S200 - Unauthenticated Firmware Injection via Unlocked Bootloader
CVE-2024-11087 [HIGH, CVSS 8.1] miniOrange Social Login and Register Pro Addon < 200.3.9 - Unauthenticated Authentication Bypass via Social Login Token
CVE-2024-38426 [MEDIUM, CVSS 5.4] Qualcomm Video Collaboration VC1 Platform Firmware - Improper Authentication
CVE-2024-5174 [MEDIUM] Gliffy Online < 4.14.0-7 - Improper Authentication via Password Reset Functionality
CVE-2024-57049 [CRITICAL, CVSS 9.8] TP-Link Archer c20 <V6.6_230412 - Auth Bypass
CVE-2024-57046 [HIGH, CVSS 8.8] Netgear DGN2200 <v1.0.0.46 - Auth Bypass
CVE-2024-57045 [CRITICAL, CVSS 9.8] D-Link DIR-859 <A3 1.05 - Auth Bypass
CVE-2024-13528 [HIGH, CVSS 7.5] Customer Email Verification for WooCommerce <= 2.9.5 - Authenticated Authentication Bypass via Shortcode
CVE-2024-52968 [MEDIUM, CVSS 6.7] FortiClientMac 7.0.11-7.2.4 - Unauthenticated Improper Authentication via Empty Password
CVE-2024-46434 [HIGH, CVSS 8.8] Tenda W18E V16.01.0.8(1625) - Unauthenticated Authentication Bypass via Crafted HTTP Request
CVE-2024-48445 [CRITICAL, CVSS 9.8] compop.ca ONLINE MALL 3.5.3 - Remote Code Execution via rid, tid, et, and ts Parameters
CVE-2024-27137 [MEDIUM, CVSS 5.3] Apache Cassandra 4.0.2-5.0.2 - Unauthenticated Credential Capture via JMX RMI Registry Manipulation
CVE-2024-12510 [MEDIUM, CVSS 6.7] Xerox VersaLink, Phaser, and WorkCentre - LDAP Authentication Redirect Credential Exposure
CVE-2024-57432 [HIGH, CVSS 7.5] macrozheng mall-tiny 1.0.1 - Authentication Bypass via Hardcoded JWT Signing Key
CVE-2024-55954 [HIGH, CVSS 8.7] OpenObserve < 0.14.1 - Authenticated Privilege Escalation via User Removal Endpoint
CVE-2024-36402 [MEDIUM, CVSS 5.3] Matrix Media Repo <1.3.5 - Info Disclosure
CVE-2024-11322 [HIGH, CVSS 7.5] CyberPower PowerPanel Business <4.11.0 - DoS
CVE-2024-12919 [CRITICAL, CVSS 9.8] Paid Membership Subscriptions < 2.13.7 - Unauthenticated Authentication Bypass via pms_payment_id Parameter
CVE-2024-42172 [MEDIUM, CVSS 5.3] HCL MyXalytics - Insufficiently Protected Credentials
CVE-2024-9133 [MEDIUM, CVSS 6.6] Arista ng_firewall < 17.1.1 - Authenticated Authentication Token Exposure
CVE-2024-13309 [MEDIUM, CVSS 5.4] Drupal Login Disable <2.1.1 - Auth Bypass
Details
Vulnerabilities: 4,355
Exploit Likelihood: High