CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-30421 HIGH
Toshiba Storage Security Software V1.2.0.7413 - Improper Authentication
CVSS 7.8
CVE-2022-32514 CRITICAL
Schneider-electric 5500ac2 Firmware < 1.11.0 - Authentication Bypass
CVSS 9.8
CVE-2022-43978 MEDIUM
Pandora FMS < 766 - Improper Authentication via Static Session Secret
CVSS 5.6
CVE-2022-48066 CRITICAL
Totolink A830R V4.1.2cu.5182 - Authentication Bypass via Crafted Cookie
CVSS 9.8
CVE-2022-45922 HIGH
OpenText Extended ECM 21.1-22.1 - Improper Authentication via ll.KeepAliveSession Handler
CVSS 8.8
CVE-2022-25027 HIGH
Rocket TRUfusion Enterprise < 7.9.5.1 - Authentication Bypass via Forgotten Password Session Token Validation
CVSS 7.5
CVE-2022-39184 CRITICAL
EXFO BV-10 Firmware - Authentication Bypass via Manual Access Manipulation
CVSS 9.8
CVE-2022-4874 HIGH
Netcomm router models - Auth Bypass
CVSS 7.5
CVE-2022-35401 HIGH
Asus RT-AX82U 3.0.0.4.386_49674-ge182230 - Authentication Bypass via get_IFTTTTtoken.cgi
CVSS 8.1
CVE-2022-1101 HIGH
Royale Event Management System 1.0 - Improper Authentication via User Registration Endpoint
CVSS 7.3
CVE-2022-47976 HIGH
Huawei EMUI and HarmonyOS < 2.0 - Improper Authentication in DMSDP Module
CVSS 7.5
CVE-2022-47974 MEDIUM
Huawei EMUI and HarmonyOS < 2.0 - Denial of Service via Bluetooth AVRCP Module
CVSS 6.5
CVE-2022-43528 MEDIUM
Aruba EdgeConnect Enterprise Orchestrator - Auth Bypass
CVSS 4.8
CVE-2022-39042 CRITICAL
aEnrich a+HRD - Unauthenticated Authentication Bypass and Remote Command Execution
CVSS 9.8
CVE-2022-48195 CRITICAL
mellium/sasl < 0.3.1 - Improper Authentication via Empty Nonce in SCRAM
CVSS 9.8
CVE-2022-4861 MEDIUM
M-Files Client <22.5.11356.0 - Privilege Escalation
CVSS 4.8
CVE-2022-23554 MEDIUM
Alpine < 1.10.4 - Authentication Filter Bypass via URI Path Manipulation
CVSS 6.5
CVE-2022-41579 MEDIUM
Huawei HOTA-FARA-B19 Firmware - Improper Authentication
CVSS 6.5
CVE-2022-46172 MEDIUM
authentik <2022.10.4, 2022.11.4 - Auth Bypass
CVSS 6.4
CVE-2022-23555 CRITICAL
authentik < 2022.10.4 - Improper Authentication via Invitation Token Reuse
CVSS 9.4
CVE-2022-3156 HIGH
Rockwell Automation Studio 5000 Logix Emulate 20.011-33.x - Remote Code Execution via Service Misconfiguration
CVSS 7.8
CVE-2022-4722 HIGH
rdiffweb < 2.5.5 - Authentication Bypass
CVSS 7.2
CVE-2022-47633 HIGH
Kyverno 1.8.3-1.8.4 - Image Signature Validation Bypass
CVSS 8.1
CVE-2022-46875 MEDIUM
Firefox < 108 & Thunderbird < 102.6 - Command Injection
CVSS 6.5
CVE-2022-35646 MEDIUM
IBM Security Verify Governance, Identity Manager 10.0.1 - Privilege...
CVSS 5.9