CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2023-47222 CRITICAL
QNAP Media Streaming add-on >=500.1.1.0 <500.1.1.5 - Exposure of Sensitive Information via Network
CVSS 9.6
CVE-2023-6787 MEDIUM
Keycloak < 22.0.10 - Authentication Bypass via Re-authentication Mechanism
CVSS 6.5
CVE-2023-3597 MEDIUM
Keycloak < 22.0.10 - Authentication Bypass via Incorrect Client Step-Up Validation
CVSS 5.0
CVE-2023-51484 CRITICAL
Login as User or Customer (User Switching) <= 3.8 - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2023-51482 CRITICAL
EazyPlugin Manager <4.1.2 - Auth Bypass
CVSS 9.9
CVE-2023-51478 CRITICAL
Abdul Hakeem Build App Online <1.0.19 - Privilege Escalation
CVSS 9.8
CVE-2023-51477 CRITICAL
BuddyBoss Theme <2.4.60 - Auth Bypass
CVSS 9.8
CVE-2023-51472 CRITICAL
Mestres do WP Checkout Mestres WP <7.1.9.7 - Privilege Escalation
CVSS 9.8
CVE-2023-51471 HIGH
Mestres do WP Checkout Mestres WP <7.1.9.7 - Auth Bypass
CVSS 8.2
CVE-2023-51405 HIGH
Repute Infosystems BookingPress <1.0.74 - Auth Bypass
CVSS 8.2
CVE-2023-47504 MEDIUM
Elementor Website Builder <= 3.16.4 - Improper Authentication
CVSS 6.5
CVE-2023-25790 MEDIUM
WoodMart < 7.0.4 - Unauthenticated Cross-Site Scripting via Arbitrary Shortcodes Injection
CVSS 5.3
CVE-2023-48865 MEDIUM
Reportico Till <8.1.0 - Info Disclosure
CVSS 6.5
CVE-2023-52540 HIGH
Huawei EMUI and HarmonyOS - Improper Authentication in Iaware Module
CVSS 7.5
CVE-2023-44039 CRITICAL
VeridiumID <3.5.0 - Privilege Escalation
CVSS 9.1
CVE-2023-31634 CRITICAL
TeslaMate <1.27.2 - Info Disclosure
CVSS 9.8
CVE-2023-38534 HIGH
OpenText Exceed Turbo X <12.5.1 - Info Disclosure
CVSS 8.6
CVE-2023-46717 HIGH
FortiOS <7.4.1-7.2.6-7.0.12 - Auth Bypass
CVSS 7.5
CVE-2023-49340 CRITICAL
Newland Nquire 1000 Interactive Kiosk <V1.00.011 - Privilege Escala...
CVSS 9.8
CVE-2023-46172 MEDIUM
IBM DS8900F Firmware - Authentication Bypass
CVSS 5.6
CVE-2023-42662 CRITICAL
JFrog Artifactory 7.59.0-7.59.17 - Unauthenticated Access Token Exposure via CLI/IDE Browser SSO Integration
CVSS 9.3
CVE-2023-48703 HIGH
RobotsAndPencils go-saml - Auth Bypass
CVSS 7.5
CVE-2023-38367 MEDIUM
IBM Cloud Pak for Business Automation 18.0.0-22.0.2 - Unauthenticated CRUD Operations via Invalid Token
CVSS 6.5
CVE-2023-38372 MEDIUM
IBM Watson IoT Platform 1.0 - Privilege Escalation
CVSS 5.9
CVE-2023-52161 HIGH
iNet wireless daemon < 2.14 - Improper Authentication via EAPOL Handshake Bypass
CVSS 7.5