CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2023-27538 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via SSH Connection Reuse
CVSS 5.5
CVE-2023-27536 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via Connection Reuse
CVSS 5.9
CVE-2023-27535 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via FTP Connection Reuse
CVSS 5.9
CVE-2023-28647 MEDIUM
Nextcloud iOS <4.7.0 - Privilege Escalation
CVSS 4.4
CVE-2023-28646 MEDIUM
Nextcloud Android <3.24.1 - Info Disclosure
CVSS 4.4
CVE-2023-28503 CRITICAL
Rocket Software UniData <8.2.4-11.3.5-12.2.1 - Auth Bypass
CVSS 9.8
CVE-2023-28398 CRITICAL
Osprey Pump Controller 1.01 - Unauthenticated Account Creation and Authentication Bypass
CVSS 9.8
CVE-2023-21027 HIGH
Android 13 - Improper Authentication in PasspointXmlUtils
CVSS 7.5
CVE-2023-28609 CRITICAL
Ansible Semaphore <2.8.89 - Auth Bypass
CVSS 9.8
CVE-2023-1464 HIGH
SourceCodester Medicine Tracker System 1.0 - Auth Bypass
CVSS 7.3
CVE-2023-1460 MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - Auth Bypass
CVSS 6.5
CVE-2023-21460 MEDIUM
Samsung Android - Improper Authentication in SecSettings
CVSS 4.4
CVE-2023-21455 MEDIUM
Samsung Exynos Firmware - Improper Authentication
CVSS 5.9
CVE-2023-28461 CRITICAL KEV
Array Networks AG and vxAG - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-1327 CRITICAL
Netgear RAX30 Firmware < 1.0.6.74 - Unauthenticated Authentication Bypass via Password Reset
CVSS 9.8
CVE-2023-25957 CRITICAL
Mendix SAML 1.16.4-1.17.2, 2.2.0-2.2.9, 3.1.8-3.3.0 - Authentication Bypass via SAML
CVSS 9.1
CVE-2023-23857 CRITICAL
SAP NetWeaver AS for Java -7.50 - Info Disclosure
CVSS 9.9
CVE-2023-27582 CRITICAL
maddy 0.2.0-0.6.2 - Authentication Bypass via SASL PLAIN Username
CVSS 9.1
CVE-2023-27482 CRITICAL
Home Assistant <2023.3.0 and Supervisor <2023.03.1 - Unauthenticated Authentication Bypass via Supervisor API
CVSS 10.0
CVE-2023-0228 HIGH
ABB Symphony Plus <2.1 SP2, 2.2, <3.3 SP1, 3.3 SP2 - Auth Bypass
CVSS 8.8
CVE-2023-25931 MEDIUM
Medtronic InterStim X and Micro Clinician - Unverified Password Change
CVSS 6.4
CVE-2023-1065 MEDIUM
Snyk Kubernetes Monitor < 2.0.0 - Unauthenticated Data Injection via Integration ID
CVSS 6.5
CVE-2023-25264 HIGH
Docmosis Tornado < 2.9.5 - Unauthenticated Authentication Bypass via Relative Path Segments
CVSS 7.5
CVE-2023-23493 LOW
macOS 12.0.0-12.6.3 - Unauthenticated Encrypted Volume Remount
CVSS 3.3
CVE-2023-20012 MEDIUM
Cisco Nexus 9300-FX3 Series Fabric Extender - Unauthenticated Authentication Bypass via CLI Console Login
CVSS 5.3