CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-6535 MEDIUM
Skupper - Auth Bypass
CVSS 5.3
CVE-2024-22442 CRITICAL
HP 3PAR Service Processor Firmware < 5.1.2.0 - Authentication Bypass
CVSS 9.8
CVE-2024-39767 MEDIUM
Mattermost Mobile Apps <=2.16.0 - Improper Push Notification Validation
CVSS 4.2
CVE-2024-39340 HIGH
Securepoint UTM <12.6.4, <12.7.0 - Auth Bypass
CVSS 8.8
CVE-2024-38433 MEDIUM
Nuvoton NPCM7xx Firmware < 10.10.19 - Authentication Bypass and Arbitrary Code Execution via U-Boot Image Header
CVSS 6.7
CVE-2024-6397 CRITICAL
InstaWP Connect <0.1.0.44 - Auth Bypass
CVSS 9.8
CVE-2024-6235 HIGH
NetScaler Console - Info Disclosure
CVSS 8.8
CVE-2024-38099 MEDIUM
Windows Remote Desktop Licensing Service - DoS
CVSS 5.9
CVE-2024-39723 MEDIUM
IBM FlashSystem 5300 - Physical Access
CVSS 4.6
CVE-2024-39830 HIGH
Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Remote Cluster Token Timing Attack via Shared Channels
CVSS 8.1
CVE-2024-3826 HIGH
Akana API Platform < 2024.1.0 - Improper Authentication via SAML SSO
CVE-2024-34596 MEDIUM
Samsung SmartThings < 1.8.17 - Improper Authentication
CVSS 5.9
CVE-2024-20900 MEDIUM
Samsung Android - Improper Authentication in MTP Application
CVSS 4.0
CVE-2024-20890 MEDIUM
Samsung Android - Improper Authentication via BLE Input Validation
CVSS 5.3
CVE-2024-20889 MEDIUM
Samsung Android - Improper Authentication in BLE Pairing
CVSS 5.9
CVE-2024-28200 CRITICAL
N-able N-central < 2024.2 - Authentication Bypass Detection
CVSS 9.1
CVE-2024-38523 HIGH
Hush Line <0.10 - Auth Bypass
CVSS 7.5
CVE-2024-23767 HIGH
HMS Anybus X-Gateway <3 - Info Disclosure
CVSS 8.8
CVE-2024-27867 MEDIUM
AirPods Firmware <6A326-6F8 - Auth Bypass
CVSS 4.3
CVE-2024-5012 HIGH
WhatsUp Gold < 23.1.3 - Unauthenticated Windows Credential Disclosure via WUGDataAccess.Credentials
CVSS 8.6
CVE-2024-5806 CRITICAL
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
CVSS 9.1
CVE-2024-5805 CRITICAL
Progress MOVEit Gateway 2024.0.0.0 - Authentication Bypass in SFTP Modules
CVSS 9.1
CVE-2024-37085 MEDIUM KEV
VMware ESXi - Authentication Bypass via Recreated Active Directory Group
CVSS 6.8
CVE-2024-37233 MEDIUM
Play.ht < 3.6.4 - Improper Authentication
CVSS 4.3
CVE-2024-24554 HIGH
Bludit 3.14.0-3.14.9 - Unauthenticated Authentication Bypass via Predictable MD5 Token
CVSS 8.2