CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2023-2297 CRITICAL
Profile Builder < 3.9.0 - Unauthenticated Password Reset via Plaintext Reset Key
CVSS 9.8
CVE-2023-30845 HIGH
ESPv2 2.20.0-2.42.0 - Authentication Bypass via X-HTTP-Method-Override Header
CVSS 8.2
CVE-2023-25131 CRITICAL
PowerPanel Business < 4.8.6 - Unauthenticated Default Password Bypass
CVSS 9.4
CVE-2023-0209 HIGH
NVIDIA DGX-1 SBIOS < 52w_3a13 - Unauthenticated Arbitrary Code Execution via Uncore PEI Module
CVSS 8.2
CVE-2023-27351 HIGH KEV
PaperCut MF and NG 15.0.0-20.1.6 and 22.0.5 - Unauthenticated Authentication Bypass in SecurityRequestFilter
CVSS 7.5
CVE-2023-25601 MEDIUM
Apache DolphinScheduler 3.0.0-3.1.1 - Unauthenticated Improper Authentication via Python Gateway
CVSS 4.3
CVE-2023-22893 HIGH
Strapi 3.0.0-4.5.5 - Authentication Bypass via AWS Cognito None Algorithm ID Token
CVSS 7.5
CVE-2023-25556 HIGH
Schneider Electric Merten KNX Devices - Improper Authentication via Short Key Entry
CVSS 8.3
CVE-2023-28973 HIGH
Juniper Networks Junos OS Evolved - Privilege Escalation
CVSS 7.1
CVE-2023-28963 MEDIUM
Juniper Networks Junos OS <19.1R3-S10, <19.2R3-S7, <19.3R3-S8, <19....
CVSS 5.3
CVE-2023-28962 MEDIUM
Juniper Networks Junos OS <19.4R3-S11, <20.1R1, <20.2R3-S7, <20.3R1...
CVSS 5.3
CVE-2023-24831 CRITICAL
Apache IoTDB Grafana Connector 0.13.0-0.13.3 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2023-2027 CRITICAL
ZM Ajax Login & Register < 2.0.2 - Unauthenticated Authentication Bypass via Facebook Login
CVSS 9.8
CVE-2023-25597 MEDIUM
Mitel MiCollab < 9.7 - Unauthenticated Sensitive Information Exposure via Web Conferencing File Download
CVSS 5.9
CVE-2023-1833 CRITICAL
DTS Electronics Redline Router <7.17 - Auth Bypass
CVSS 9.8
CVE-2023-1803 CRITICAL
DTS Electronics Redline Router <7.17 - Auth Bypass
CVSS 9.8
CVE-2023-1617 CRITICAL
B&R VC4 - Auth Bypass
CVSS 9.8
CVE-2023-28121 CRITICAL
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
CVSS 9.8
CVE-2023-1980 MEDIUM
Devolutions Remote Desktop Manager <2022.3.35 - Auth Bypass
CVSS 6.5
CVE-2023-23761 HIGH
GitHub Enterprise Server < 3.9 - Unauthenticated Secret Gist Modification via SSH Certificate Authority
CVSS 7.7
CVE-2023-27091 HIGH
TeaCMS 2.3.3 - Privilege Escalation
CVSS 7.2
CVE-2023-1752 HIGH
Nexx Smart Home - Info Disclosure
CVSS 8.1
CVE-2023-1784 MEDIUM
jeecg-boot 3.5.0 - Improper Authentication in API Documentation
CVSS 5.3
CVE-2023-28862 CRITICAL
LemonLDAP::NG <2.16.1 - Auth Bypass
CVSS 9.8
CVE-2023-28727 CRITICAL
Panasonic AiSEG2 <2.93A - Auth Bypass
CVSS 9.6