CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,360 vulnerabilities with CWE-287
CVE-2023-2959 HIGH
Oliva Expertise EKS < 1.2 - Authentication Bypass
CVSS 7.5
CVE-2023-35901 LOW
IBM Robotic Process Automation <21.0.7.6, <23.0.6 - CSRF
CVSS 2.7
CVE-2023-37268 MEDIUM
warpgate - Improper Authentication via SSO Login
CVSS 6.4
CVE-2023-36466 LOW
Discourse < 3.0.5 - Improper Authentication via Topic Title Validation Bypass
CVSS 3.5
CVE-2023-2975 MEDIUM
OpenSSL 3.0.0-3.0.8 - Improper Authentication in AES-SIV Cipher
CVSS 5.3
CVE-2023-30560 MEDIUM
BD Alaris 8015 PCU Firmware < 12.1.3 - Unauthenticated Configuration Modification via Physical Connection
CVSS 6.8
CVE-2023-30559 MEDIUM
BD Alaris 8015 PCU Firmware < 12.1.3 - Unauthenticated Firmware Update Package Tampering
CVSS 5.2
CVE-2023-34137 CRITICAL
SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Auth Bypass
CVSS 9.8
CVE-2023-34124 CRITICAL
SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Auth Bypass
CVSS 9.8
CVE-2023-33274 CRITICAL
PowerShield SNMP Web Pro 1.1 - Auth Bypass
CVSS 9.8
CVE-2023-31007 NONE
Apache Pulsar <= 2.9.4, 2.10.0-2.10.3, 2.11.0 - Improper Authentication via Expired Auth Data Bypass
CVE-2023-3127 HIGH
Johnson Controls iSTAR Ultra/LT/G2 & Edge G2 <6.9.2 - Unauthenticated Admin Access
CVSS 7.5
CVE-2023-31190 HIGH
DroneScout DS230 Firmware 20211210-1627-20230329-1042 - Improper Certificate Validation in Firmware Update Procedure
CVSS 8.1
CVE-2023-30675 MEDIUM
Samsung Pass < 4.2.03.1 - Improper Authentication
CVSS 6.2
CVE-2023-35940 HIGH
GLPI 9.5.0-10.0.8 - Unauthenticated Dashboard Data Access via Incorrect Rights Check
CVSS 7.5
CVE-2023-32620 MEDIUM
WL-WN531AX2 Firmware < 2023526 - Unauthenticated Wireless Password Exposure
CVSS 6.5
CVE-2023-33190 CRITICAL
Sealos <4.2.1-rc4 - Privilege Escalation
CVSS 9.9
CVE-2023-32222 CRITICAL
D-Link DSL-G256DG vBZ_1.00.27 - Authentication Bypass
CVSS 9.8
CVE-2023-20199 MEDIUM
Cisco Duo Two-Factor Authentication for macOS - Privilege Escalation
CVSS 6.2
CVE-2023-30945 CRITICAL
Multiple Services - Unauthenticated File Read/Write
CVSS 9.8
CVE-2023-32524 HIGH
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Improper Authentication
CVSS 8.8
CVE-2023-32523 HIGH
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Authentication Bypass via Widget
CVSS 8.8
CVE-2023-35154 HIGH
Knowage 6.1.0-8.1.7 - Unauthenticated Account Activation Bypass
CVSS 7.2
CVE-2023-28073 HIGH
Dell Precision 3570 and Latitude 5530 Firmware < 1.13.2 - Authenticated Privilege Escalation via Authentication Bypass
CVSS 8.2
CVE-2023-3326 CRITICAL
FreeBSD pam_krb5 - Improper Authentication via Unvalidated KDC Response
CVSS 9.8