CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,355 vulnerabilities with CWE-287
CVE-2023-52160 MEDIUM
Debian Linux < 2.10 - Authentication Bypass
CVSS 6.5
CVE-2023-6451 HIGH
AlayaCare's Procura Portal <9.0.1.2 - Auth Bypass
CVSS 8.6
CVE-2023-31189 MEDIUM
Intel(R) Server Product OpenBMC <egs-1.09 - Privilege Escalation
CVSS 5.2
CVE-2023-51761 HIGH
Emerson Rosemount GC370XA-GC700XA-GC1500XA - Auth Bypass
CVSS 8.3
CVE-2023-39196 MEDIUM
Apache Ozone 1.2.0-1.3.0 - Unauthenticated Metadata Disclosure in Storage Container Manager
CVSS 5.3
CVE-2023-39303 MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Improper Authentication
CVSS 5.3
CVE-2023-50934 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 - Improper Authentication
CVSS 5.3
CVE-2023-47256 MEDIUM
ConnectWise ScreenConnect < 23.8.5 - Implicit Trust of Proxy Settings
CVSS 5.5
CVE-2023-51982 CRITICAL
CrateDB 5.5.1 - Authentication Bypass via X-Real-IP Header
CVSS 9.8
CVE-2023-50275 HIGH
HPE OneView < 8.70 - Authentication Bypass and Denial of Service via clusterService
CVSS 7.5
CVE-2023-42935 MEDIUM
macOS 13.0-13.6.3 - Unauthenticated User Data Exposure via Fast User Switching
CVSS 5.5
CVE-2023-52111 HIGH
Huawei EMUI and HarmonyOS - Improper Authentication in BootLoader Module
CVSS 7.5
CVE-2023-46942 HIGH
NPM @evershop/evershop <1.0.0-rc.8 - Info Disclosure
CVSS 7.5
CVE-2023-46805 HIGH KEV
Ivanti Connect Secure Unauthenticated Remote Code Execution
CVSS 8.2
CVE-2023-49262 CRITICAL
Hongdian H8951-4G-ESP Firmware <= 2310271149 - Authentication Bypass via Cookie Overflow
CVSS 9.8
CVE-2023-50919 CRITICAL
GL.iNet - Unauthenticated Remote Command Execution via the logread module
CVSS 9.8
CVE-2023-50127 MEDIUM
Hozard alarm_system v1.0 - Unauthenticated Improper Authentication via SMS Commands
CVSS 5.9
CVE-2023-48257 HIGH
Bosch nexo-os 1000-1500-sp2 - Authenticated Remote Code Execution via Crafted HTTP Requests
CVSS 7.8
CVE-2023-5376 HIGH
Korenix JetNet Series - Unauthenticated TFTP Access
CVSS 8.6
CVE-2023-51717 CRITICAL
Dataiku DSS <11.4.5,12.4.1 - Auth Bypass
CVSS 9.8
CVE-2023-7211 MEDIUM
Uniwayinfo Uw-302vp Firmware < 2.0 - Authentication Bypass
CVSS 5.6
CVE-2023-7210 HIGH
onenav < 0.9.33 - Improper Authentication via X-Token
CVSS 7.3
CVE-2023-7079 MEDIUM
Cloudflare Wrangler 3.9.0-3.18.9 - Unauthenticated Arbitrary File Read via Dev Server
CVSS 6.4
CVE-2023-31292 MEDIUM
Sesami CPTO <6.3.8.6 - Info Disclosure
CVSS 5.5
CVE-2023-40038 HIGH
Arris DG860A and DG1670A - Unauthenticated Remote Access via Predictable WPA2 PSK
CVSS 8.8