CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-44202 MEDIUM
iPadOS < 18.0 - Unauthenticated Private Browsing Tab Access
CVSS 5.3
CVE-2024-44127 MEDIUM
iPadOS < 17.7 - Improper Authentication
CVSS 5.3
CVE-2024-45113 HIGH
ColdFusion <2023.6, 2021.12 - Privilege Escalation
CVSS 7.5
CVE-2024-45823 HIGH
Rockwell Automation FactoryTalk Batch View - Authentication Bypass via Shared Secrets
CVSS 8.1
CVE-2024-8642 HIGH
Eclipse Dataspace Components <0.9.0 - Auth Bypass
CVSS 8.1
CVE-2024-38225 HIGH
Microsoft Dynamics 365 Business Central - Privilege Escalation
CVSS 8.8
CVE-2024-40713 HIGH
Veeam Backup & Replication - Privilege Escalation
CVSS 7.8
CVE-2024-5957 MEDIUM
Trellix Intrusion Prevention System Manager < 11.1.7.97 - Unauthenticated Authentication Bypass
CVSS 6.3
CVE-2024-5956 MEDIUM
Trellix Intrusion Prevention System Manager - Unauthenticated Authentication Bypass
CVSS 6.5
CVE-2024-44821 MEDIUM
ZZCMS < 2023 - Improper Authentication via Captcha Reuse Logic
CVSS 5.3
CVE-2024-7923 CRITICAL
Red Hat Satellite 6.13-6.15 - Authentication Bypass via Malformed HTTP Header
CVSS 9.8
CVE-2024-7012 CRITICAL
Red Hat Satellite 6.13-6.15 - Authentication Bypass via Malformed HTTP Header
CVSS 9.8
CVE-2024-7870 MEDIUM
PixelYourSite < 9.7.2 and < 10.4.3 - Unauthenticated Sensitive Information Exposure via Public Log Files
CVSS 6.5
CVE-2024-7346 HIGH
OpenEdge - Host Name Validation Bypass
CVSS 7.2
CVE-2024-7745 MEDIUM
WS_FTP Server <8.8.8 - Privilege Escalation
CVSS 6.5
CVE-2024-45346 HIGH
Xiaomi Security Center - Info Disclosure
CVSS 8.8
CVE-2024-8181 CRITICAL
Flowise 1.8.2 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2024-45036 MEDIUM
Shopify tophat < 1.10.0 - Improper Access Control via Malicious Tophat URL
CVSS 4.3
CVE-2024-7401 HIGH
Netskope - Improper Authentication via Static Orgkey Token
CVSS 7.5
CVE-2024-36444 HIGH
Swissphone DiCal-RED 4009 - Info Disclosure
CVSS 8.1
CVE-2024-43409 MEDIUM
Ghost 4.46.0-5.89.4 - Improper Access Control
CVSS 6.5
CVE-2024-42336 HIGH
Servision IVG WebMax - Improper Authentication
CVSS 8.2
CVE-2024-38810 MEDIUM
Spring Security 6.3.0-6.3.1 - Missing Authorization via @AuthorizeReturnObject Annotation
CVSS 6.5
CVE-2024-43240 CRITICAL
Ultimate Membership Pro <12.6 - Privilege Escalation
CVSS 9.4
CVE-2024-42462 CRITICAL
upKeeper Manager <5.1.9 - Auth Bypass
CVSS 9.8