CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-33862 MEDIUM
Eaton Intelligent Power Protector < 1.71 - Unauthenticated Default Credential Access
CVSS 6.7
CVE-2022-25768 HIGH
Mautic 1.1.3-4.4.12 - Unauthenticated Update Process Access
CVSS 7.0
CVE-2022-4002 HIGH
Motorola Q14 Firmware < 1.5.0.16 - Authenticated Command Injection via API Request
CVSS 7.2
CVE-2022-4001 HIGH
Motorola Q14 Mesh Router Firmware < 1.5.0.16 - Unauthenticated Authentication Bypass
CVSS 7.3
CVE-2022-45168 MEDIUM
LIVEBOX Collaboration vDesk < 018 - Two-Factor Authentication Bypass via Backup Code Endpoint
CVSS 6.5
CVE-2022-44595 MEDIUM
Melapress WP 2FA < 2.2.0 - Authentication Bypass
CVSS 5.3
CVE-2022-41738 HIGH
IBM Storage Scale Container < 5.1.2.1-5.1.7.0 - SSRF
CVSS 7.5
CVE-2022-41737 HIGH
IBM Storage Scale < 5.1.7.0 - Privilege Escalation
CVSS 7.1
CVE-2022-34267 CRITICAL
RWS WorldServer < 11.7.3 - Unauthenticated Remote Code Execution via Token Parameter Bypass
CVSS 9.8
CVE-2022-41678 HIGH
Apache ActiveMQ Jolokia - Authenticated MBean Code Execution
CVSS 8.8
CVE-2022-44569 HIGH
Ivanti Automation < 2023.4 - Authenticated Authentication Bypass via Insecure IPC
CVSS 7.8
CVE-2022-3681 MEDIUM
Motorola MR2600 < 1.0.18 - Unauthenticated WPS Pin Brute Force
CVSS 6.5
CVE-2022-34887 MEDIUM
Lenovo GM265DN, GM266DNS, and G263DNS Firmware - Unauthenticated Printer Configuration Modification
CVSS 4.3
CVE-2022-47848 HIGH
Bezeq Vtech NB403-IL and IAD604-IL - Unauthenticated Sensitive Information Exposure via UPnP rootDesc.xml
CVSS 7.5
CVE-2022-34155 HIGH
miniOrange OAuth Single Sign On - Auth Bypass
CVSS 8.8
CVE-2022-48496 HIGH
Huawei EMUI - Improper Authentication via Lax App Identity Verification
CVSS 7.5
CVE-2022-48494 HIGH
Huawei EMUI - Improper Authentication via Lax App Identity Verification
CVSS 7.5
CVE-2022-40536 HIGH
Qualcomm 315 5G IoT Modem Firmware - Denial of Service via Plain TLB OTA Request
CVSS 7.5
CVE-2022-40521 HIGH
Qualcomm Modem Firmware - Denial of Service via Improper Authorization
CVSS 7.5
CVE-2022-41985 HIGH
Weston Embedded uC-FTPs 1.98.00 - Unauthenticated Authentication Bypass and Denial of Service
CVSS 8.6
CVE-2022-44610 MEDIUM
Intel Data Center Manager < 5.1 - Authenticated Privilege Escalation via Network Access
CVSS 5.4
CVE-2022-45860 MEDIUM
FortiNAC 7.2.0, 8.7-9.4.2 and FortiNAC-F 7.2.0 - Unauthenticated Weak Authentication in Device Registration
CVSS 5.3
CVE-2022-30995 HIGH
Acronis Cyber Protect/Linux < 29486 - Info Disclosure
CVSS 7.5
CVE-2022-35898 CRITICAL
OpenText BizManager < 16.6.0.1 - Privilege Escalation
CVSS 9.8
CVE-2022-45456 HIGH
Acronis Agent < c22.08 - Unauthenticated Denial of Service via API Endpoint
CVSS 7.5
Details
Vulnerabilities 4,363
Exploit Likelihood High