CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,358 vulnerabilities with CWE-287
CVE-2023-30724 MEDIUM
Samsung Gallery < 14.5.01.2 - Improper Authentication in GallerySearchProvider
CVSS 4.0
CVE-2023-30708 MEDIUM
Samsung Android - Improper Authentication in SecSettings
CVSS 4.6
CVE-2023-34998 HIGH
OAS Platform 18.00.0072 - Authentication Bypass via Network Traffic Sniffing
CVSS 8.1
CVE-2023-31242 HIGH
Open Automation Software OAS Platform <18.00.0072 - Auth Bypass
CVSS 8.1
CVE-2023-39981 HIGH
MXsecurity < 1.0.1 - Unauthenticated Information Disclosure via Inadequate Authentication
CVSS 7.5
CVE-2023-41751 MEDIUM
Acronis Agent < c23.03 - Sensitive Information Disclosure via Improper Token Expiration Validation
CVSS 5.5
CVE-2023-35785 HIGH
ManageEngine Active Directory 360 <= 4315 - Two-Factor Authentication Bypass via TOTP Authenticators
CVSS 8.1
CVE-2023-32202 MEDIUM
Walchem Intuition 9 Firmware < 4.21 - Improper Authentication via Stored Credential Reuse
CVSS 6.5
CVE-2023-40282 MEDIUM
Rakuten WiFi Pocket Firmware - Improper Authentication
CVSS 5.4
CVE-2023-38585 HIGH
CBC Firmware - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-25913 HIGH
Danfoss AK-SM 800A Firmware < 3.3 - Improper Authentication
CVSS 7.5
CVE-2023-4373 CRITICAL
Devolutions Remote Desktop Manager <2023.2.19 - Privilege Escalation
CVSS 9.8
CVE-2023-4415 HIGH
Ruijie RG-EW1200G 07161417 r483 - Improper Authentication via /api/sys/login
CVSS 7.3
CVE-2023-39415 HIGH
Northgrid Proself < 1.07 - Authentication Bypass
CVSS 7.5
CVE-2023-33237 HIGH
TN-5900 Series firmware <3.3 - Auth Bypass
CVSS 8.8
CVE-2023-39846 CRITICAL
Konga 0.14.9 - Unauthenticated Authentication Bypass via Crafted JWT Token
CVSS 9.8
CVE-2023-32453 MEDIUM
Dell BIOS Improper Authentication Vulnerability
CVSS 4.6
CVE-2023-35082 CRITICAL KEV
Ivanti Endpoint Manager Mobile < 11.11.0 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2023-40020 CRITICAL
PrivateUploader < 3.2.49 - Improper Authentication in Admin Controller
CVSS 9.9
CVE-2023-3263 HIGH
Dataprobe iBoot PDU Firmware < 1.44.0804202 - Authentication Bypass via REST API Credential Parsing
CVSS 7.5
CVE-2023-39380 HIGH
Huawei EMUI and HarmonyOS - Improper Authentication in Audio Module
CVSS 7.5
CVE-2023-40260 CRITICAL
EmpowerID < 7.205.0.1 - Multi-Factor Authentication Bypass via Email Change
CVSS 9.1
CVE-2023-40253 MEDIUM
Genian NAC 4.0.0-4.0.155, 5.0.0-5.0.42; Suite 5.0.0-5.0.54; ZTNA 6.0.0-6.0.15 - Auth Abuse
CVSS 6.0
CVE-2023-39531 MEDIUM
Sentry 10.0.0-23.7.1 - Improper Authentication during OAuth Token Exchange
CVSS 6.5
CVE-2023-4242 MEDIUM
FULL Customer plugin for WordPress <2.2.4 - Info Disclosure
CVSS 4.3