CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,360 vulnerabilities with CWE-287
CVE-2023-23450 MEDIUM
SICK FTMg AIR FLOW SENSOR Firmware < 2.0 - Unauthenticated Authentication Bypass via REST Interface
CVSS 6.2
CVE-2023-32081 MEDIUM
Vert.x STOMP 3.1.0-3.9.15 and 4.0.0-4.4.1 - Unauthenticated Message Subscription and Publishing
CVSS 6.5
CVE-2023-27823 CRITICAL
Optoma 1080PSTX C02 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2023-32243 CRITICAL
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
CVSS 9.8
CVE-2023-29032 HIGH
Apache OpenMeetings <7.1.0 - Info Disclosure
CVSS 8.1
CVE-2023-28325 MEDIUM
Rocket.Chat < 6.0.0 - Improper Authorization via rid Parameter Manipulation
CVSS 6.5
CVE-2023-0858 LOW
Canon MF/LBP Series Firmware < 11.04 - Unauthenticated Improper Access Control
CVSS 3.1
CVE-2023-31152 MEDIUM
Schweitzer Engineering Laboratories SEL RTAC - Auth Bypass
CVSS 4.0
CVE-2023-27919 MEDIUM
NEXT ENGINE Integration Plugin for EC-CUBE 2.0 - Unauthenticated Authentication Bypass
CVSS 5.3
CVE-2023-28125 MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via Message Registration
CVSS 5.9
CVE-2023-31127 CRITICAL
libspdm < 2.3.2 - Authentication Bypass via Session Establishment Manipulation
CVSS 9.0
CVE-2023-31123 CRITICAL
effectindex/tripreporter < 2023-04-30 - Improper Password Verification
CVSS 9.1
CVE-2023-28182 MEDIUM
iPadOS < 15.7.4 - VPN Server Spoofing via EAP-Only Authentication
CVSS 6.5
CVE-2023-30328 CRITICAL
Shimo VPN Client 5.0.4 - Authentication Bypass via PID Re-use
CVSS 9.8
CVE-2023-21487 MEDIUM
Samsung Android - Improper Access Control in Telephony Framework
CVSS 5.1
CVE-2023-21484 MEDIUM
Samsung Android AppLock - Improper Access Control
CVSS 5.1
CVE-2023-30869 CRITICAL
Easy Digital Downloads 3.1-3.1.1.4.1 - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2023-30063 HIGH
D-Link DIR-890L FW1.10 A1 - Authentication Bypass
CVSS 7.5
CVE-2023-30061 HIGH
D-Link DIR-879 v105A1 - Authentication Bypass via phpcgi
CVSS 7.5
CVE-2023-1477 HIGH
HYPR Keycloak Authenticator Extension <8.0.3 - Auth Bypass
CVSS 7.2
CVE-2023-28473 LOW
Concrete CMS <8.5.12 & 9.0-9.1.3 - Auth Bypass
CVSS 3.3
CVE-2023-1778 CRITICAL
GajShield Data Security Firewall <4.28 - Privilege Escalation
CVSS 10.0
CVE-2023-2297 CRITICAL
Profile Builder < 3.9.0 - Unauthenticated Password Reset via Plaintext Reset Key
CVSS 9.8
CVE-2023-30845 HIGH
ESPv2 2.20.0-2.42.0 - Authentication Bypass via X-HTTP-Method-Override Header
CVSS 8.2
CVE-2023-25131 CRITICAL
PowerPanel Business < 4.8.6 - Unauthenticated Default Password Bypass
CVSS 9.4