CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-28188 MEDIUM
jupyter-scheduler < 1.1.6, 1.2.1, 1.8.2, 2.5.2 - Exposure of Sensitive Information via Conda Environment List
CVSS 5.3
CVE-2024-29849 CRITICAL
Veeam Backup Enterprise Manager - Auth Bypass
CVSS 9.8
CVE-2024-5044 LOW
Emlog Pro 2.3.4 - Improper Authentication via AuthCookie Manipulation
CVSS 3.7
CVE-2024-35184 MEDIUM
paperless-ngx 2.5.0-2.8.6 - Unauthenticated API Access Bypass
CVSS 5.5
CVE-2024-3487 LOW
OpenText iManager 3.2.6.0200 - Authentication Bypass via Parameter Manipulation
CVSS 3.5
CVE-2024-4129 HIGH
Snow License Manager <9.34.0 - Auth Bypass
CVSS 8.8
CVE-2024-3263 CRITICAL
YMS VIS Pro <= 3.3.0.6 - Info Disclosure
CVSS 9.8
CVE-2024-34340 CRITICAL
Cacti < 1.2.27 - Type Juggling Authentication Bypass via Loose MD5 Comparison
CVSS 9.1
CVE-2024-27835 LOW
iPadOS < 17.5 - Unauthenticated Notes Access from Lock Screen
CVSS 2.4
CVE-2024-4601 MEDIUM
Socomec Net Vision <7.20 - Auth Bypass
CVSS 6.7
CVE-2024-20856 MEDIUM
Secure Folder <SMR May-2024 Release 1 - Auth Bypass
CVSS 4.3
CVE-2024-34093 MEDIUM
Archer Platform 6 < 2024.03 - Unauthenticated X-Forwarded-For Header Bypass
CVSS 5.3
CVE-2024-33110 CRITICAL
D-Link DIR-845L Firmware < 1.01krb03 - Permission Bypass via getcfg.php
CVSS 9.1
CVE-2024-26331 HIGH
ReCrystallize Server - Authentication Bypass
CVSS 7.5
CVE-2024-4303 HIGH
ArmorX APP < 1.5.2 - Improper Authentication via MFA Bypass
CVSS 8.8
CVE-2024-30939 MEDIUM
Yealink VP59 Firmware 91.15.0.118 - Improper Authentication via Factory Reset Procedure
CVSS 6.8
CVE-2024-4024 HIGH
GitLab CE/EE <16.9.6-16.11.1 - Auth Bypass
CVSS 7.3
CVE-2024-3701 CRITICAL
Tecno HIOS - Improper Authentication in System Application Component
CVSS 9.8
CVE-2024-29837 HIGH
Evolution Controller <2.04.560.31.03.2024 - Info Disclosure
CVSS 8.8
CVE-2024-2112 MEDIUM
The Form Maker by 10Web - Info Disclosure
CVSS 5.9
CVE-2024-24279 HIGH
secdiskapp 1.5.1 - Privilege Escalation via vsVerifyPassword and vsSetFingerPrintPower
CVSS 8.8
CVE-2024-29757 HIGH
Android - Local Privilege Escalation via Debug Certificate Allowlist Bypass
CVSS 7.3
CVE-2024-25699 HIGH
Esri Portal for ArcGIS <= 11.2 and ArcGIS Enterprise <= 11.1 - Authenticated Improper Authentication
CVSS 8.5
CVE-2024-22247 MEDIUM
VMware SD-WAN Edge - Privilege Escalation
CVSS 4.8
CVE-2024-28012 CRITICAL
NEC Aterm Firmware - Improper Authentication
CVSS 9.8