CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-28009 CRITICAL
NEC Aterm Firmware - Improper Authentication
CVSS 9.8
CVE-2024-28007 CRITICAL
NEC Aterm Firmware - Improper Authentication
CVSS 9.8
CVE-2024-28006 MEDIUM
NEC Aterm Firmware - Improper Authentication
CVSS 5.3
CVE-2024-2244 MEDIUM
Hitachi Energy Asset Suite EAM 9.6.3.0-9.6.3.12 & 9.6.4.0 - Improper Authentication
CVSS 5.3
CVE-2024-2873 CRITICAL
wolfssh < 1.4.17 - Unauthenticated Channel Creation via Server-Side State Machine
CVSS 9.1
CVE-2024-2862 CRITICAL
LG LED Assistant - Unauthenticated Password Reset
CVSS 9.1
CVE-2024-1148 CRITICAL
OpenText PVCS Version Manager - Auth Bypass
CVSS 9.8
CVE-2024-1147 CRITICAL
OpenText PVCS Version Manager - Auth Bypass
CVSS 9.8
CVE-2024-27923 HIGH
Grav < 1.7.43 - Remote Code Execution via Frontmatter Feature
CVSS 8.8
CVE-2024-28735 HIGH
Unit4 Financials by Coda < 2023q4 - Authenticated Authorization Bypass via Password Modification Request
CVSS 8.1
CVE-2024-27767 CRITICAL
Unitronics UniLogic < 1.35.227 - Authentication Bypass
CVSS 10.0
CVE-2024-28255 CRITICAL
OpenMetadata - Authentication Bypass
CVSS 9.8
CVE-2024-2450 HIGH
Mattermost <8.1.10, <9.2.6, <9.3.2, <9.4.3 - Privilege Escalation
CVSS 8.8
CVE-2024-25652 HIGH
Delinea Secret Server 11.4 - Unauthorized Access to Remote Sessions via Custom Legacy Report
CVSS 7.6
CVE-2024-0799 CRITICAL
Arcserve Unified Data Protection <9.2,8.1 - Auth Bypass
CVSS 9.8
CVE-2024-21427 HIGH
Windows Server Kerberos Security Feature Bypass (2012, 2016, 2019, 2022, 23H2)
CVSS 7.5
CVE-2024-21390 HIGH
Microsoft Authenticator < 6.2401.0617 - Elevation of Privilege
CVSS 7.1
CVE-2024-21899 CRITICAL
QNAP QTS < 4.5.4.2627 and QuTS hero < h4.5.4.2626 and QuTScloud < c5.1.5.2651 - Improper Authentication
CVSS 9.8
CVE-2024-23255 LOW
iPadOS < 17.4 and macOS 14.0-14.4 - Unauthenticated Hidden Photos Album Access
CVSS 2.4
CVE-2024-20301 MEDIUM
Cisco Duo Authentication For Windows Logon And RDP < 4.3.0 - Insufficient Session Expiration
CVSS 6.2
CVE-2024-25128 CRITICAL
Flask-AppBuilder <4.3.11 - OpenID Authentication Bypass via Forged Provider Request
CVSS 9.1
CVE-2024-1735 CRITICAL
armeria-saml < 1.27.2 - Authentication Bypass via Malicious SAML Message
CVSS 9.1
CVE-2024-22395 MEDIUM
SonicWall SMA 200/210/400/410/500v < 10.2.1.11-65sv Authenticated MFA Bypass
CVSS 6.3
CVE-2024-1817 HIGH
Demososo DM Enterprise Website Building System < 2022.8 - Improper Authentication via Cookie Handler
CVSS 7.3
CVE-2024-22245 CRITICAL
VMware Enhanced Authentication Plug-in (EAP) - Arbitrary Authentication Relay and Session Hijack
CVSS 9.6