CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-9683 MEDIUM
Quay - Authentication Bypass via Truncated Password
CVSS 4.8
CVE-2024-45216 CRITICAL
Apache Solr 5.3.0-8.11.3 and 9.0.0-9.6.9 - Authentication Bypass via Fake URL Path Ending
CVSS 9.8
CVE-2024-38139 HIGH
Microsoft Dataverse - Privilege Escalation
CVSS 8.7
CVE-2024-47080 HIGH
matrix-js-sdk <34.7.0 - Info Disclosure
CVE-2024-45148 HIGH
Adobe Commerce <2.4.7-p2 - Auth Bypass
CVSS 8.8
CVE-2024-45115 CRITICAL
Adobe Commerce <2.4.7-p2 - Privilege Escalation
CVSS 9.8
CVE-2024-38124 CRITICAL
Windows Netlogon < - Privilege Escalation
CVSS 9.0
CVE-2024-41798 CRITICAL
Siemens SENTRON 7KM PAC3200 - Improper Authentication via Modbus TCP Interface
CVSS 9.8
CVE-2024-45051 HIGH
Discourse < 3.3.2 and < 3.4.0 - Improper Authentication via Maliciously Crafted Email Address
CVSS 8.2
CVE-2024-47768 HIGH
Lif Authentication Server <1.7.3 - Info Disclosure
CVSS 8.1
CVE-2024-41589 HIGH
DrayTek Vigor3910 Firmware < 4.3.2.6 - Improper Authentication via Unencrypted HTTP
CVSS 8.8
CVE-2024-47807 HIGH
Jenkins OpenId Connect Authentication Plugin <4.354.321ce67a-1de8 -...
CVSS 8.1
CVE-2024-47806 HIGH
Jenkins OpenId Connect Authentication Plugin <4.354.v321ce67a_1de8 ...
CVSS 8.1
CVE-2024-47070 CRITICAL
authentik <2024.8.3-2024.6.5 - Auth Bypass
CVSS 9.0
CVE-2024-47174 MEDIUM
Nix <2.18.8, <2.24.8 - Info Disclosure
CVSS 5.9
CVE-2024-47127 MEDIUM
goTenna Pro < 1.6.1 and < 2.0.3 - Unauthenticated Message Injection via Software Defined Radio
CVSS 6.5
CVE-2024-47125 HIGH
goTenna Pro < 1.6.1 and < 2.0.3 - Unauthenticated Message Manipulation via Public Key Spoofing
CVSS 8.1
CVE-2024-45042 MEDIUM
Ory Kratos <1.3.0 - Info Disclosure
CVSS 4.4
CVE-2024-45750 HIGH
TheGreenBow Windows Standard VPN Client <6.87.108 - RCE
CVSS 7.3
CVE-2024-47078 HIGH
meshtastic_firmware < 2.5.1 - Authentication and Authorization Bypass via MQTT Implementation
CVSS 8.1
CVE-2024-0002 CRITICAL
FlashArray Purity 5.3.17-5.3.20 - Improper Authentication
CVSS 10.0
CVE-2024-47218 CRITICAL
vesoft NebulaGraph <3.8.0 - Auth Bypass
CVSS 9.8
CVE-2024-34399 CRITICAL
BMC Remedy Mid Tier <7.6.04 - Info Disclosure
CVSS 9.8
CVE-2024-41929 HIGH
TAKENAKA ENGINEERING CO., LTD. - Command Injection
CVSS 8.8
CVE-2024-8956 CRITICAL KEV
PTZOptics PT30X-SDI/NDI-xx < 6.3.40 - Unauthenticated Sensitive Data Exposure and Configuration Modification
CVSS 9.1