CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2024-21654 MEDIUM
rubygems.org < 2024-01-08 - Unauthenticated Account Takeover via Forgotten Password MFA Bypass
CVSS 4.8
CVE-2024-22206 CRITICAL
Clerk <4.29.2 - Privilege Escalation
CVSS 9.0
CVE-2024-21638 CRITICAL
Azure IPAM < 3.0.0 - Unauthenticated Privilege Escalation via Token Validation Bypass
CVSS 9.1
CVE-2024-20803 MEDIUM
Samsung Android - Unauthenticated Bluetooth Pairing Bypass
CVSS 6.8
CVE-2024-21632 HIGH
omniauth-microsoft_graph < 2.0.0 - Improper Authentication via Email Attribute Misconfiguration
CVSS 8.6
CVE-2023-5502 MEDIUM
Arista EOS 802.1X Access Ports - Authentication Bypass
CVSS 5.9
CVE-2023-52210 MEDIUM
Tyche softwares Product Delivery Date for WooCommerce - Lite <2.7.0...
CVSS 5.3
CVE-2023-21471 MEDIUM
Samsung Android - Improper Access Control in SemClipboard
CVSS 4.0
CVE-2023-21467 MEDIUM
Samsung Exynos - Improper Authentication via Unencrypted Message Handling
CVSS 4.6
CVE-2023-21466 MEDIUM
Samsung Android - Improper Authentication via CertificatePolicy PendingIntent Hijacking
CVSS 5.3
CVE-2023-44752 CRITICAL
Student Study Center Desk Management System 1.0 - Unauthenticated Authentication Bypass via Crafted GET Request
CVSS 9.8
CVE-2023-52955 MEDIUM
Huawei EMUI and HarmonyOS - Improper Authentication in ANS System Service Module
CVSS 6.5
CVE-2023-31279 HIGH
Sierra Wireless AirVantage - Unauthenticated Device Registration and Management via AirVantage Management Service
CVSS 8.1
CVE-2023-29117 HIGH
Waybox Enel X - Privilege Escalation
CVSS 8.8
CVE-2023-22650 HIGH
Rancher 2.7.0-2.7.13 and 2.8.0-2.8.4 - Improper Authentication via Uncleaned User Tokens
CVSS 8.8
CVE-2023-37226 CRITICAL
Loftware Spectrum < 4.6 HF14 - Unauthenticated Critical Function Access
CVSS 9.8
CVE-2023-45038 MEDIUM
QNAP Music Station 5.0.0-5.3.9 - Improper Authentication
CVSS 4.3
CVE-2023-50804 LOW
Samsung Exynos and Modem Firmware - Improper Authentication via NAS Module Format Type Bypass
CVSS 3.7
CVE-2023-51511 MEDIUM
Pluggabl LLC Booster Elite - Auth Bypass
CVSS 6.5
CVE-2023-48747 MEDIUM
Pluggabl LLC Booster <7.1.2 - Auth Bypass
CVSS 6.5
CVE-2023-47189 MEDIUM
WPMU DEV Defender Security <= 4.2.0 - Improper Authentication
CVSS 5.3
CVE-2023-46630 HIGH
Admin and Site Enhancements (ASE) < 5.7.1 - Improper Authentication
CVSS 7.5
CVE-2023-43551 CRITICAL
Qualcomm 315 5G IoT Modem Firmware - Improper Authentication via Rogue Base Station
CVSS 9.1
CVE-2023-41956 HIGH
Simple Membership < 4.3.4 - Authenticated Account Takeover
CVSS 8.8
CVE-2023-38096 CRITICAL
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVSS 9.8