CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2023-24093 CRITICAL
H3C A210-G A210-GV100R005 - Auth Bypass
CVSS 9.8
CVE-2023-0905 HIGH
SourceCodester Employee Task Management System 1.0 - Improper Authentication via changePasswordForEmployee.php
CVSS 7.3
CVE-2023-23460 CRITICAL
Priority Web 19.1.0.68 - Authentication Bypass via Parameter Manipulation
CVSS 9.1
CVE-2023-21817 HIGH
Windows Kerberos - Privilege Escalation
CVSS 7.8
CVE-2023-21721 MEDIUM
Microsoft OneNote - Privilege Escalation
CVSS 6.5
CVE-2023-25559 HIGH
DataHub < 0.8.45 - Unauthenticated Authorization Bypass via HTTP Header Case Smuggling
CVSS 8.2
CVE-2023-21437 MEDIUM
Samsung Android - Improper Access Control in Phone Application
CVSS 4.0
CVE-2023-21425 MEDIUM
Samsung Android - Improper Access Control in Telecom Application
CVSS 4.3
CVE-2023-21419 MEDIUM
Android Secure Folder - Improper Authentication
CVSS 4.3
CVE-2023-22501 CRITICAL
Jira Service Management 5.3.0-5.3.3 - Authentication Bypass via Signup Token Impersonation
CVSS 9.1
CVE-2023-24830 HIGH
Apache IoTDB 0.13.0-0.13.3 - Improper Authentication in iotdb-web-workbench
CVSS 7.5
CVE-2023-23612 MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Role Impersonation via JWT Role Claim Whitespace Trimming
CVSS 4.7
CVE-2023-20924 MEDIUM
Android - Lockscreen Bypass via Biometric Auth Failure
CVSS 6.8
CVE-2023-22964 CRITICAL
ManageEngine ServiceDesk Plus MSP < 10611 and 13x < 13004 - Authentication Bypass via LDAP
CVSS 9.1
CVE-2023-22334 MEDIUM
CONPROSYS HMI System <3.4.5 - Info Disclosure
CVSS 5.3
CVE-2023-21841 HIGH
Oracle WebLogic Server <14.1.1.0.0 - RCE
CVSS 7.5
CVE-2023-22303 CRITICAL
TP-Link TL-SG105PE Firmware < TL-SG105PE(UN) 1.0_1.0.0 Build 20221208 - Authentication Bypass
CVSS 9.8
CVE-2023-22278 MEDIUM
m-FILTER <5.70R01-4.87R04 - Auth Bypass
CVSS 5.3
CVE-2023-0311 CRITICAL
thorsten/phpmyfaq <3.1.10 - Auth Bypass
CVSS 9.8
CVE-2023-22497 MEDIUM
netdata < 1.37.0 - Improper Authentication via MACHINE_GUID as API Key
CVSS 6.5
CVE-2023-0105 MEDIUM
Keycloak - Improper Authentication via Email Trust Mismanagement
CVSS 6.5
CVE-2023-0036 MEDIUM
OpenHarmony 3.0-3.0.5 - Authentication Bypass via platform_callback_stub
CVSS 6.5
CVE-2023-0035 MEDIUM
OpenHarmony 3.0-3.0.5 - Authentication Bypass via SA Relay Attack
CVSS 6.5
CVE-2022-48575 LOW
macOS Monterey < 12.4 - Login Window Bypass via State Handling Issue
CVSS 3.5
CVE-2022-25369 CRITICAL
Dynamicweb < 9.12.8 - Unauthenticated Administrator User Creation and Remote Code Execution
CVSS 9.8