CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-37897 MEDIUM
SFTPGo 2.2.0-2.6.1 - Improper Authentication via Password Reset Feature
CVSS 5.4
CVE-2024-5432 CRITICAL
Lifeline Donation < 1.2.6 - Unauthenticated Authentication Bypass via Checkout
CVSS 9.8
CVE-2024-38351 MEDIUM
PocketBase < 0.22.14 - Account Compromise via OAuth2-Password Auth Linking
CVSS 5.4
CVE-2024-37893 MEDIUM
Firefly III < 6.1.17 - MFA Bypass via OAuth Flow
CVSS 5.9
CVE-2024-6057 CRITICAL
Devolutions Remote Desktop Manager < 2024.1.32.0 - Improper Authentication via Offline Mode Feature
CVSS 9.8
CVE-2024-27275 HIGH
IBM i 7.2-7.5 - Incorrect Privilege Assignment in Physical File Trigger Configuration
CVSS 7.4
CVE-2024-37368 HIGH
Rockwell Automation FactoryTalk View SE 11.0-13.0 - Unauthenticated HMI Project Access
CVSS 7.5
CVE-2024-37367 HIGH
Rockwell Automation FactoryTalk View SE 12.0-13.0 - Unauthenticated Remote HMI Project Access
CVSS 7.5
CVE-2024-37313 HIGH
Nextcloud Server 21.0.0-21.0.9.17 and 26.0.0-26.0.13 - Two-Factor Authentication Bypass
CVSS 7.3
CVE-2024-3080 CRITICAL
ASUS ZenWiFi XT8, XT8 V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, RT-AC68U - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2024-22441 CRITICAL
HPE Cray Parallel Application Launch Service 1.0.0-1.2.13 - Authentication Bypass
CVSS 9.8
CVE-2024-30299 CRITICAL
Adobe FrameMaker Publishing Server <= 2022.2 - Improper Authentication
CVSS 10.0
CVE-2024-34103 HIGH
Adobe Commerce <2.4.7 - Privilege Escalation
CVSS 8.1
CVE-2024-5798 LOW
HashiCorp Vault 0.11.0-1.15.8 and 1.17.0-rc1 - Improper JWT Audience Claim Validation
CVSS 2.6
CVE-2024-36264 CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
CVSS 9.8
CVE-2024-35248 HIGH
Microsoft Dynamics 365 Business Central - Elevation of Privilege via Weak Authentication
CVSS 7.3
CVE-2024-36266 CRITICAL
Siemens PowerSys < 3.11 - Authentication Bypass
CVSS 9.3
CVE-2024-23251 MEDIUM
iPadOS < 16.7.8 and 17.5 - Authentication Bypass via Physical Access
CVSS 4.6
CVE-2024-37408 HIGH
fprintd <= 1.94.3 - Improper Authentication
CVSS 7.3
CVE-2024-5732 HIGH
Clash for Windows < 0.20.1 - Improper Authentication in Proxy Port
CVSS 7.3
CVE-2024-37152 MEDIUM
Argo CD 2.9.3-2.9.16 - Unauthenticated Sensitive Settings Exposure via /api/v1/settings Endpoint
CVSS 5.3
CVE-2024-5658 MEDIUM
born05/two-factor_authentication < 3.3.4 - Improper Authentication via TOTP Token Reuse
CVSS 4.8
CVE-2024-35670 MEDIUM
SoftLab Integrate Google Drive <= 1.3.93 - Broken Authentication
CVSS 5.3
CVE-2024-37019 CRITICAL
Northern.tech Mender Enterprise <3.6.4, <3.7.4 - Privilege Escalation
CVSS 9.8
CVE-2024-5201 HIGH
OpenText Dimensions RM - Privilege Escalation
CVSS 8.8