CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-53704 CRITICAL KEV
SonicOS >=7.1.1-7040 <7.1.1-7058 - Unauthenticated Authentication Bypass via SSLVPN
CVSS 9.8
CVE-2024-56445 MEDIUM
HarmonyOS - Improper Authentication in Findnetwork Module
CVSS 4.3
CVE-2024-12264 CRITICAL
PayU CommercePro Plugin <3.8.3 - Privilege Escalation
CVSS 9.8
CVE-2024-13111 MEDIUM
Yunfan Learning Examination System 1.9.2 - Improper Authentication in JWT Token Handler
CVSS 5.6
CVE-2024-1609 HIGH
OPPOStore iOS App - Privilege Escalation
CVE-2024-56335 HIGH
vaultwarden < 1.32.7 - Authenticated Privilege Escalation and Denial of Service via Group Manipulation
CVSS 7.6
CVE-2024-56329 HIGH
Socialstream 6.0.0-6.1.9 - Improper Authentication via Social Account Linking
CVE-2024-1610 CRITICAL
OPPO Store APP - Privilege Escalation
CVSS 9.8
CVE-2024-12287 CRITICAL
Biagiotti Membership <1.0.2 - Auth Bypass
CVSS 9.8
CVE-2024-21543 HIGH
djoser < 2.3.0 - Authentication Bypass via Database Query Fallback
CVSS 7.1
CVE-2024-55886 MEDIUM
OpenSearch Data Prepper 2.1.0-2.10.1 - Unauthenticated OpenTelemetry Logs Ingestion
CVSS 6.9
CVE-2024-11015 CRITICAL
WordPress Sign In With Google <1.8.0 - Auth Bypass
CVSS 9.8
CVE-2024-10111 HIGH
OAuth Single Sign On - SSO (OAuth Client) <= 6.26.3 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 8.1
CVE-2024-50339 MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
CVSS 5.3
CVE-2024-49076 HIGH
Windows Virtualization-Based Security Enclave - Elevation of Privilege
CVSS 7.8
CVE-2024-45404 HIGH
OpenCTI <6.2.18 - Privilege Escalation
CVSS 8.1
CVE-2024-47761 HIGH
GLPI <10.0.17 - Privilege Escalation
CVSS 7.2
CVE-2024-10511 MEDIUM
Schneider Electric PowerChute Serial Shutdown - Denial of Service via Repeated /accessdenied Requests
CVSS 5.3
CVE-2024-0130 HIGH
NVIDIA UFM Enterprise GA < 6.15.x, 6.16.x, 6.17.x - Improper Authentication via Ethernet Management Interface
CVSS 8.8
CVE-2024-48859 CRITICAL
QNAP QTS and QuTS hero - Improper Authentication
CVSS 9.1
CVE-2024-11293 HIGH
Pie Register - Social Sites Login < 1.7.9 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 8.1
CVE-2024-45106 HIGH
Apache Ozone 1.4.0 - Authenticated S3 Secret Manipulation via HTTP Endpoint
CVSS 8.1
CVE-2024-53990 CRITICAL
async-http-client 2.1.0-2.12.3 and < 3.0.1 - Cookie Override via CookieStore
CVE-2024-11671 MEDIUM
Devolutions Remote Desktop Manager <2024.3.17 - Auth Bypass
CVSS 5.4
CVE-2024-45369 HIGH
mySCADA myPRO Manager and myPRO Runtime - Improper Authentication
CVSS 8.1