CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,358 vulnerabilities with CWE-287
CVE-2023-48228 HIGH
authentik < 2023.8.5 - Improper Authentication via Missing PKCE Code Verifier Validation
CVSS 7.5
CVE-2023-29155 CRITICAL
INEA ME RTU <3.36b - Privilege Escalation
CVSS 9.8
CVE-2023-44324 CRITICAL
Adobe FrameMaker Publishing Server <= 2022 - Unauthenticated Security Feature Bypass via API
CVSS 9.8
CVE-2023-41442 CRITICAL
Kloudq Technologies Limited Tor Equip <3.1 - RCE
CVSS 9.8
CVE-2023-43582 MEDIUM
Zoom Clients - Privilege Escalation
CVSS 5.5
CVE-2023-47127 MEDIUM
TYPO3 8.0.0-8.7.54, 11.0.0-11.5.32 - Authentication Bypass via Session Cookie Reuse
CVSS 4.2
CVE-2023-32661 MEDIUM
Intel NUC Kits NUC7PJYH/NUC7CJYH Realtek SD Card Reader Driver < 10.0.19041.29098 Privilege Escalation
CVSS 6.7
CVE-2023-28377 MEDIUM
Intel NUC Kit NUC11PH USB Firmware < 1.1 - Authenticated Privilege Escalation via Local Access
CVSS 6.7
CVE-2023-22663 MEDIUM
Intel Unison Software < 20.14.5683.0 - Authenticated Privilege Escalation via Network Access
CVSS 5.9
CVE-2023-29975 HIGH
pfSense 2.6.0 - Unauthenticated Password Change
CVSS 7.2
CVE-2023-4612 CRITICAL
Apereo CAS <7.0.0-RC7 - Auth Bypass
CVSS 9.8
CVE-2023-42554 MEDIUM
Samsung Pass < 4.3.00.17 - Improper Authentication
CVSS 5.4
CVE-2023-42531 MEDIUM
Samsung Android - Improper Access Control in SmsController
CVSS 6.2
CVE-2023-24852 HIGH
Qualcomm Modem and Networking Firmware - Memory Corruption in Core
CVSS 8.4
CVE-2023-39345 HIGH
Strapi < 4.13.1 - Unauthenticated Private Field Modification via User Registration Endpoint
CVSS 7.6
CVE-2023-40660 MEDIUM
OpenSC < 0.23.0 - Improper Authentication via Zero-Length PIN Bypass
CVSS 6.6
CVE-2023-46963 MEDIUM
Yunfan Learning Examination System <6.5 - Info Disclosure
CVSS 5.3
CVE-2023-26455 MEDIUM
Open-Xchange App Suite ChronosRMIService - Unauthenticated Calendar Modification
CVSS 5.6
CVE-2023-46327 MEDIUM
FUJIFILM Business Innovation Corp. & Xerox - Info Disclosure
CVSS 5.9
CVE-2023-5627 HIGH
NPort 6000 Series - Privilege Escalation
CVSS 7.5
CVE-2023-46249 CRITICAL
authentik <2023.8.4-2023.10.2 - Privilege Escalation
CVSS 9.6
CVE-2023-44397 HIGH
fit2cloud cloudexplorer_lite < 1.4.1 - Permission Bypass via Gateway Filter Path Matching
CVSS 7.5
CVE-2023-21307 MEDIUM
Android < 14.0 - Bluetooth Long Term Identifier Disclosure via Permissions Bypass
CVSS 5.0
CVE-2023-21297 MEDIUM
Android < 14.0 - Local Information Disclosure via SEPolicy Permissions Bypass
CVSS 4.4
CVE-2023-5844 HIGH
pimcore admin_classic_bundle < 1.1.4 and admin-ui-classic-bundle < 1.2.0-RC1 - Unverified Password Change
CVSS 7.2