When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,355 vulnerabilities with CWE-287
CVE-2024-6248 | HIGH | CVSS 7.5 | Wyze Cam v3 - Remote Code Execution
CVE-2024-11494 | HIGH | CVSS 7.5 | Zyxel P-6101C <P-6101CSA6AP_20140331 - Info Disclosure
CVE-2024-47533 | CRITICAL | CVSS 9.8 | Cobbler <3.2.3, <3.3.7 - Auth Bypass
CVE-2024-52518 | MEDIUM | CVSS 4.4 | Nextcloud Server 28.0.0-28.0.11 - Authenticated External Storage Manipulation
CVE-2024-11209 | MEDIUM | CVSS 6.3 | Apereo CAS 6.6 - Improper Authentication in 2FA Login Endpoint
CVE-2024-51996 | HIGH | CVSS 7.5 | Symfony <5.4.46, <6.4.14, <7.1.7 - Auth Bypass
CVE-2024-49039 | HIGH (KEV) | CVSS 8.8 | Windows 10 1507-22H2 and Windows 11 22H2 - Elevation of Privilege via Task Scheduler
CVE-2024-51997 | HIGH | CVSS 8.1 | confidential-containers/trustee < 0.8.2 - Improper Authentication via ART Token Manipulation
CVE-2024-10963 | HIGH | CVSS 7.4 | Red Hat Enterprise Linux 8 - Improper Authentication via pam_access Configuration Rule Misinterpretation
CVE-2024-50341 | LOW | CVSS 3.1 | symfony/security-bundle 6.2.0-6.4.9, 7.0.0-7.0.9, 7.1.0-7.1.2 - Improper Authentication via Security::login Method
CVE-2024-9946 | HIGH | CVSS 8.1 | Super Socializer <7.13.68 - Auth Bypass
CVE-2024-10020 | HIGH | CVSS 8.1 | Heateor Social Login <1.1.35 - Auth Bypass
CVE-2024-10114 | HIGH | CVSS 8.1 | WooCommerce - Social Login <2.7.7 - Auth Bypass
CVE-2024-10097 | HIGH | CVSS 8.1 | Loginizer Security/Loginizer <1.9.2 - Auth Bypass
CVE-2024-10620 | MEDIUM | CVSS 5.3 | Knightliao Disconf 2.6.36 - Auth Bypass
CVE-2024-10474 | MEDIUM | CVSS 6.5 | Firefox Focus < 132.0 - Improper Authentication via Deeplink Scheme Bypass
CVE-2024-49755 | LOW | CVSS 3.1 | Duende IdentityServer - Info Disclosure
CVE-2024-50478 | CRITICAL | CVSS 9.8 | Swoop 1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass
CVE-2024-49757 | HIGH | CVSS 7.5 | Zitadel <2.64.0-2.58.7 - Auth Bypass
CVE-2024-49376 | HIGH | CVSS 8.8 | Autolab <3.0.0 - Privilege Escalation
CVE-2024-7763 | CRITICAL | CVSS 9.8 | WhatsUp Gold < 24.0 - Authentication Bypass
CVE-2024-10327 | HIGH | CVSS 8.1 | Okta Verify for iOS <9.27.0 - Auth Bypass
CVE-2024-9947 | HIGH | CVSS 8.1 | ProfilePress Pro <4.11.1 - Auth Bypass
CVE-2024-9927 | HIGH | CVSS 7.2 | WooCommerce Order Proposal <= 2.0.5 - Authenticated Privilege Escalation via Order Proposal
CVE-2024-10173 | HIGH | CVSS 7.3 | didi DDMQ 1.0 - Improper Authentication in Console Module
Details
Vulnerabilities: 4,355
Exploit Likelihood: High