CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-31800 MEDIUM
GC2 Indoor Security Camera 1080P - Privilege Escalation
CVSS 6.8
CVE-2024-6078 HIGH
Rockwell Automation DataMosaix >=7.07 <7.07 - Improper Authentication via Cookie Generation
CVE-2024-37028 MEDIUM
F5 BIG-IP Next Central Manager 20.1.0-20.2.0 - Overly Restrictive Account Lockout Mechanism
CVSS 5.3
CVE-2024-25157 MEDIUM
GoAnywhere MFT <7.6.0 - Auth Bypass
CVSS 6.5
CVE-2024-7593 CRITICAL KEV
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVSS 9.8
CVE-2024-7746 CRITICAL
Traccar 2.12-6.0 - Authentication Abuse via Default Credentials
CVSS 9.8
CVE-2024-35775 MEDIUM
Slider by Soliloquy <= 2.7.6 - Cross-Site Scripting
CVSS 5.9
CVE-2024-42164 MEDIUM
FIWARE Keyrock <= 8.4 - Info Disclosure
CVSS 4.3
CVE-2024-4784 MEDIUM
GitLab EE <17.0.6-17.2.2 - Auth Bypass
CVSS 4.2
CVE-2024-42038 HIGH
Huawei EMUI and HarmonyOS - Improper Authentication in Screen Lock Module
CVSS 8.8
CVE-2024-36132 HIGH
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Authentication Bypass
CVSS 7.5
CVE-2024-36130 CRITICAL
EPMM <12.1.0.1 - Privilege Escalation
CVSS 9.8
CVE-2024-34788 MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Improper Authentication in Web Component
CVSS 6.5
CVE-2024-7395 CRITICAL
Korenix JetPort 5601v3 - Auth Bypass
CVE-2024-40794 MEDIUM
macOS Sonoma <14.6-iPadOS <17.6-Safari <17.6 - Info Disclosure
CVSS 5.3
CVE-2024-40778 LOW
iPhone OS < 16.7.9, iPadOS < 16.7.9, macOS < 14.6 - Unauthenticated Hidden Photos Album Access
CVSS 3.3
CVE-2024-6576 HIGH
Progress MOVEit Transfer - Privilege Escalation
CVSS 7.3
CVE-2024-7050 HIGH
OpenText Directory Services <24.2 - Auth Bypass
CVE-2024-41800 MEDIUM
Craft CMS 5.0.1-5.2.2 - Authenticated TOTP Token Reuse
CVSS 4.8
CVE-2024-41829 LOW
JetBrains TeamCity < 2024.07 - OAuth Code Theft via Space Application Connection
CVSS 3.5
CVE-2024-40648 MEDIUM
matrix-sdk-crypto <0.7.2 - Info Disclosure
CVSS 5.4
CVE-2024-28992 HIGH
SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Path Traversal and Information Disclosure
CVSS 7.6
CVE-2024-23471 CRITICAL
SolarWinds Access Rights Manager < 2023.2.4 - Authenticated Remote Code Execution
CVSS 9.6
CVE-2024-23470 CRITICAL
SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Remote Code Execution
CVSS 9.6
CVE-2024-23465 HIGH
SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Authentication Bypass
CVSS 8.3