CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-40723 MEDIUM
PingFederate 11.1.0-11.1.4 and PingID Integration Kit < 2.24 - Authentication Bypass via RADIUS PCV Adapter
CVSS 6.5
CVE-2022-48314 MEDIUM
Huawei EMUI and HarmonyOS - Improper Authentication via Bluetooth Pairing Bypass
CVSS 6.5
CVE-2022-45174 CRITICAL
LIVEBOX Collaboration vDesk < 018 - Two-Factor Authentication Bypass via SAML Backup Code
CVSS 9.8
CVE-2022-45173 CRITICAL
LIVEBOX Collaboration vDesk < 018 - Two-Factor Authentication Bypass via /api/v1/vdeskintegration/challenge Endpoint
CVSS 9.8
CVE-2022-43620 HIGH
D-Link DIR-1935 Firmware < 1.02 - Unauthenticated Authentication Bypass via HNAP Login Request
CVSS 8.8
CVE-2022-4126 CRITICAL
ABB RCCMD < 4.40_230207 - Use of Default Password
CVSS 9.6
CVE-2022-45124 HIGH
WellinTech KingHistorian 35.01.00.05 - Information Disclosure via User Authentication
CVSS 7.5
CVE-2022-46773 MEDIUM
IBM Robotic Process Automation <21.0.8, >23.0.0 - CSRF
CVSS 4.3
CVE-2022-46774 MEDIUM
IBM Manage App <8.9.0 - Privilege Escalation
CVSS 5.4
CVE-2022-44574 HIGH
Ivanti Avalanche < 6.4.0 - Unauthenticated Property Modification via Specific Port
CVSS 7.5
CVE-2022-33242 HIGH
Qualcomm Firmware - Memory Corruption due to Improper Authentication in IPC
CVSS 7.8
CVE-2022-48364 MEDIUM
Mastodon 3.5.0-3.5.2 - Moderator Identity Disclosure via Appeal Approval
CVSS 4.3
CVE-2022-48305 MEDIUM
Huawei Children Smart Watch (Simba-AL00) 1.1.1.274 - Identity Authentication Bypass
CVSS 5.5
CVE-2022-48254 MEDIUM
Huawei Leia-B29 Firmware 2.0.0.49(M03) - Improper Authentication
CVSS 4.6
CVE-2022-34908 HIGH
aremis_4_nomads < 1.5.1 - Unauthenticated Data Exposure via Missing Token Validation
CVSS 8.2
CVE-2022-33946 MEDIUM
Intel(R) SUR <2.4.8902 - Privilege Escalation
CVSS 5.6
CVE-2022-32971 LOW
Intel(R) SUR <2.4.8902 - Privilege Escalation
CVSS 3.1
CVE-2022-32570 MEDIUM
Intel Quartus Prime Pro and Standard < 22.1, < 22.2 - Authenticated Privilege Escalation via Local Access
CVSS 6.7
CVE-2022-47508 HIGH
SolarWinds Server & Application Monitor - Unauthenticated NTLM Traffic Exposure via IP Address Polling
CVSS 7.5
CVE-2022-45724 MEDIUM
Comfast CF-WR610N Firmware V2.3.1 - Improper Access Control via SESSION_ID Generation
CVSS 5.4
CVE-2022-48294 HIGH
Huawei EMUI - Improper Authentication in IHwAttestationService Interface
CVSS 7.5
CVE-2022-42951 HIGH
Couchbase Server 6.5.x-6.6.5, 7.x<7.0.5, 7.1.x<7.1.2 - Improper Authentication during Node Startup
CVSS 8.1
CVE-2022-47003 CRITICAL
Mura CMS < 10.0.580 - Authentication Bypass via Remember Me Function
CVSS 9.8
CVE-2022-4441 HIGH
Hitachi Storage Plug-in for VMware vCenter 04.9.0 - Authenticated Privilege Escalation
CVSS 7.6
CVE-2022-4041 MEDIUM
Hitachi Storage Plug-in for VMware vCenter <4.9.1 - Privilege Escal...
CVSS 5.9
Details
Vulnerabilities 4,363
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits