CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,360 vulnerabilities with CWE-287
CVE-2023-39531 MEDIUM
Sentry 10.0.0-23.7.1 - Improper Authentication during OAuth Token Exchange
CVSS 6.5
CVE-2023-4242 MEDIUM
FULL Customer plugin for WordPress <2.2.4 - Info Disclosure
CVSS 4.3
CVE-2023-21626 HIGH
Qualcomm APQ8009 and other Firmware - Cryptographic Issue via Improper Key Velocity Check Authentication
CVSS 7.1
CVE-2023-36926 LOW
SAP Host Agent <7.22 - Info Disclosure
CVSS 3.7
CVE-2023-39349 HIGH
Sentry 22.1.0-23.7.1 - Authenticated Token Scope Escalation via API Token Query
CVSS 8.1
CVE-2023-32090 CRITICAL
Pega Platform <7.3.1 - Info Disclosure
CVSS 9.8
CVE-2023-0264 MEDIUM
Keycloak - Authenticated Session Impersonation via OpenID Connect Request Data
CVSS 5.0
CVE-2023-39112 MEDIUM
ECShop 4.1.16 - Arbitrary File Deletion in Admin Panel
CVSS 6.5
CVE-2023-38691 MEDIUM
matrix-appservice-bridge <8.1.2,9.0.1 - Open Redirect
CVSS 5.0
CVE-2023-20214 CRITICAL
Cisco SD-WAN vManage - Info Disclosure
CVSS 9.1
CVE-2023-33363 HIGH
Suprema BioStar 2 <2.9.1 - Auth Bypass
CVSS 7.5
CVE-2023-34196 HIGH
Keyfactor EJBCA < 8.0.0 - Unauthenticated CA Certificate Disclosure via RA Web Certificate Distribution Servlet
CVSS 8.2
CVE-2023-1935 CRITICAL
Emerson ROC800-Series and DL8000 Firmware - Authentication Bypass
CVSS 9.4
CVE-2023-3470 MEDIUM
F5 BIG-IP - Improper Authentication via Deterministic Crypto User Password
CVSS 6.0
CVE-2023-33563 HIGH
PHP Jabbers Time Slots Booking Calendar 3.3 - RCE
CVSS 8.8
CVE-2023-3622 MEDIUM
SolarWinds Platform < 2023.2.1 - Access Control Bypass
CVSS 4.3
CVE-2023-38555 HIGH
Fujitsu network devices - Auth Bypass
CVSS 8.8
CVE-2023-2626 HIGH
Google Nest Hub Max Firmware 10.20221207.2.109-10.20221207.2.119 - Authentication Bypass via Key ID Mode 2
CVSS 7.5
CVE-2023-35078 CRITICAL KEV
Ivanti Endpoint Manager Mobile < 11.8.1.1 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2023-37918 MEDIUM
Dapr <1.10.9 and 1.11.0-1.11.2 - API Token Authentication Bypass via Crafted HTTP Request
CVSS 6.8
CVE-2023-37471 CRITICAL
OpenAM < 14.7.3 - Authentication Bypass via SAML Response Signature Validation
CVSS 9.1
CVE-2023-3638 CRITICAL
GeoVision GV-ADR2701 - Improper Authentication via Login Response Manipulation
CVSS 9.8
CVE-2023-27877 MEDIUM
IBM Cloud Pak for Data 4.0 - Improper Authentication to CouchDB Server
CVSS 5.3
CVE-2023-37266 CRITICAL
CasaOS < 0.4.4 - Unauthenticated Remote Code Execution via JWT Validation Bypass
CVSS 9.8
CVE-2023-3591 MEDIUM
Mattermost 7.8.0-7.8.6 - Improper Authentication via Password Reset Token Reuse
CVSS 4.8