CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,358 vulnerabilities with CWE-287
CVE-2023-5328 MEDIUM
SATO CL4NX-J Plus 1.13.2-u455_r2 - Improper Authentication via Cookie Handler
CVSS 6.3
CVE-2023-5326 MEDIUM
SATO CL4NX-J Plus 1.13.2-u455_r2 - Improper Authentication in WebConfig
CVSS 6.3
CVE-2023-43660 MEDIUM
warpgate < 0.8.1 - Authentication Bypass via Unsigned SSH Key Offer
CVSS 4.8
CVE-2023-42818 MEDIUM
JumpServer < 3.5.6 - Improper Authentication via SSH Public Key Bypass
CVSS 5.4
CVE-2023-20252 CRITICAL
Cisco Catalyst SD-WAN Manager Software - Auth Bypass
CVSS 9.8
CVE-2023-44152 CRITICAL
Acronis Cyber Protect < 35979 - Info Disclosure
CVSS 9.1
CVE-2023-41904 MEDIUM
ManageEngine ADManager Plus < 7203 - Two-Factor Authentication Bypass via REST API
CVSS 5.4
CVE-2023-31015 MEDIUM
NVIDIA DGX H100 BMC - Privilege Escalation
CVSS 6.6
CVE-2023-4094 MEDIUM
Fujitsu ARCONTE Aurea 1.5.0.0 - Denial of Service via Account Lockout Bypass
CVSS 6.5
CVE-2023-0773 CRITICAL
Uniview IPC322LB-SF28-A < cipc-b2303.2.8.230105 - RCE via Web Interface
CVSS 9.1
CVE-2023-42442 HIGH
JumpServer 3.0.0-3.5.4 - Unauthenticated Session Replay Download via Terminal Sessions API
CVSS 8.2
CVE-2023-41900 LOW
Eclipse Jetty 9.4.21-9.4.51, 10.0.15, 11.0.15 - Weak Authentication via OpenIdAuthenticator LoginService Bypass
CVSS 3.5
CVE-2023-0813 HIGH
Red Hat Network Observability - Unauthenticated Access via Loki authToken Misconfiguration
CVSS 7.5
CVE-2023-4985 MEDIUM
Supcon InPlant SCADA < 20230901 - Improper Authentication in Project.xml
CVSS 5.9
CVE-2023-4669 CRITICAL
Exagate SYSGuard 3001 < 3.2.20.0 - Authentication Bypass
CVSS 9.8
CVE-2023-4568 MEDIUM
PaperCut NG < 22.0.12 - Unauthenticated RCE
CVSS 6.5
CVE-2023-39215 HIGH
Zoom Meeting SDK < 5.15.5 - Authenticated Denial of Service
CVSS 7.1
CVE-2023-4501 CRITICAL
OpenText (Micro Focus) Visual COBOL < 9.0 - Auth Bypass
CVSS 9.8
CVE-2023-29463 HIGH
Rockwell Automation Pavilion8 < 5.20 - Unauthenticated Improper Authentication via JMX Console
CVSS 8.8
CVE-2023-39069 CRITICAL
StrangeBee Cortex < 3.1.6 and TheHive < 3.5.2 - Authentication Bypass via Active Directory Mechanism
CVSS 9.8
CVE-2023-4816 MEDIUM
HitachiEnergy Asset Suite < 9.6.3.11.1 - Authenticated Improper Authentication via SSO Password Validation Bypass
CVSS 6.9
CVE-2023-20238 CRITICAL
Cisco BroadWorks Platforms - Unauthenticated Credential Forgery via SSO Token
CVSS 10.0
CVE-2023-4498 MEDIUM
Tenda N300 Wireless N VDSL2 Modem Router - Unauthenticated Access to Authenticated Pages
CVSS 5.3
CVE-2023-37284 HIGH
Archer C20 Firmware < 230616 - Unauthenticated OS Command Injection via Authentication Bypass
CVSS 8.8
CVE-2023-30725 MEDIUM
Samsung Gallery < 14.5.01.2 - Improper Authentication in LocalProvider
CVSS 5.1