CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,358 vulnerabilities with CWE-287
CVE-2023-5830 HIGH
ColumbiaSoft Document Locator < 7.2 - Improper Authentication via WebTools Login Server Parameter
CVSS 7.3
CVE-2023-35794 HIGH
Cassia Access Controller 2.1.1.2303271039 - Unauthenticated Web SSH Terminal Access
CVSS 8.8
CVE-2023-46290 HIGH
FactoryTalk Services Platform - Privilege Escalation
CVSS 8.1
CVE-2023-30967 CRITICAL
Gotham Orbital-Simulator <0.692.0 - Path Traversal
CVSS 9.8
CVE-2023-37283 HIGH
PingFederate 10.3.0-10.3.11 - Authentication Bypass in Identifier First Adapter
CVSS 8.1
CVE-2023-27377 HIGH
idattend idweb < 3.1.052 - Unauthenticated Sensitive Data Exposure
CVSS 7.5
CVE-2023-5246 HIGH
SICK Flexi Soft Gateways - Unauthenticated Authentication Bypass via Capture-replay
CVSS 8.8
CVE-2023-38735 MEDIUM
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 - Auth Bypass
CVSS 5.7
CVE-2023-4939 MEDIUM
SALESmanago < 3.2.4 - Unauthenticated Log Injection via Weak Callback API Token
CVSS 5.3
CVE-2023-41089 HIGH
Dexma DexGate - Improper Authentication
CVSS 8.0
CVE-2023-45669 MEDIUM
webauthn4j-spring-security < 0.9.1.RELEASE - Improper Signature Counter Handling
CVSS 4.8
CVE-2023-4562 CRITICAL
Mitsubishi Electric Corporation MELSEC-F Series - Auth Bypass
CVSS 9.1
CVE-2023-41261 MEDIUM
Plixer Scrutinizer <19.3.1 - Info Disclosure
CVSS 5.3
CVE-2023-23632 HIGH
BeyondTrust Privileged Remote Access 22.2.1-22.3.3 - Local Authentication Bypass via BYOT Shell Jump Session
CVSS 7.8
CVE-2023-24479 CRITICAL
Yifan YF325 1.0_20221108 nvram.cgi - Authentication Bypass Command Execution
CVSS 9.8
CVE-2023-44096 HIGH
Device Authentication Module - Info Disclosure
CVSS 7.5
CVE-2023-36724 MEDIUM
Windows Power Management - Info Disclosure
CVSS 5.5
CVE-2023-43809 HIGH
Soft Serve < 0.6.2 - Unauthenticated Authentication Bypass via Keyboard-Interactive SSH Mode
CVSS 7.5
CVE-2023-43805 HIGH
nexkey < 12.121.9 - Authentication Bypass via Incomplete URL Validation
CVSS 7.5
CVE-2023-43793 HIGH
Misskey < 2023.9.0 - Unauthenticated Authentication Bypass via URL Manipulation
CVSS 7.5
CVE-2023-40376 MEDIUM
IBM UrbanCode Deploy 7.1-7.1.2.12, 7.2-7.2.3.5, 7.3-7.3.2.0 - Authenticated Environment Variable Modification
CVSS 5.3
CVE-2023-28540 CRITICAL
Qualcomm 315 5G IoT Modem Firmware - Improper Authentication during TLS Handshake
CVSS 9.1
CVE-2023-26150 MEDIUM
asyncua <0.9.96 - Improper Authentication
CVSS 6.5
CVE-2023-42771 HIGH
FurunoSystems ACERA 1310 and 1320 Firmware < 01.26 - Unauthenticated Authentication Bypass
CVSS 8.8
CVE-2023-5329 MEDIUM
f-logic datacube4_firmware < 2023-10-01 - Improper Authentication in Web API
CVSS 4.3