CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-35843 HIGH
FortiOS/FortiProxy <7.2.0,6.4.9,6.2,6.0 - Auth Bypass
CVSS 8.1
CVE-2022-38336 HIGH
MobaXterm < 22.2 - Unauthenticated SSH/SFTP Connection
CVSS 8.1
CVE-2022-43557 MEDIUM
BD BodyGuard Infusion Pumps - Auth Bypass
CVSS 5.3
CVE-2022-43549 CRITICAL
Veeam Backup for Google Cloud <3.0 - Auth Bypass
CVSS 9.8
CVE-2022-40259 HIGH
AMI MegaRAC SP-X - Improper Authentication via Default Credentials
CVSS 8.3
CVE-2022-40242 HIGH
AMI MegaRAC SP-X - Improper Authentication via Default Credentials
CVSS 7.5
CVE-2022-43504 MEDIUM
WordPress < 3.7.40 - Unauthenticated Email Address Exposure via Post by Email Feature
CVSS 5.3
CVE-2022-46411 HIGH
Veritas NetBackup <3.0-8.0.100 - Privilege Escalation
CVSS 8.8
CVE-2022-46145 HIGH
authentik <2022.11.2-2022.10.2 - Privilege Escalation
CVSS 8.1
CVE-2022-43900 MEDIUM
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps < 1.4.3 - Unauthenticated Outbound Network Connection
CVSS 5.3
CVE-2022-36960 HIGH
SolarWinds Orion Platform - Authenticated Privilege Escalation via Improper Input Validation
CVSS 8.8
CVE-2022-46146 MEDIUM
Prometheus Exporter Toolkit <0.7.2-0.8.2 - Auth Bypass
CVSS 6.2
CVE-2022-41912 CRITICAL
crewjam/saml < 0.4.9 - Authentication Bypass via Multiple Assertion Elements
CVSS 9.1
CVE-2022-36133 CRITICAL
Epson TM-C3500 and TM-C7500 Firmware WAM31500 - Authentication Bypass in WebConfig
CVSS 9.1
CVE-2022-37774 MEDIUM
Maarch RM 2.8-2.8.6 - Unauthenticated Document Access via MD5 Hash URL
CVSS 5.3
CVE-2022-37931 HIGH
HP NonStop NetBatch-Plus >= T9189H01 < T9189H01^ABW - Improper Authentication
CVSS 7.3
CVE-2022-40602 CRITICAL
Zyxel LTE3301-M209 Firmware < 1.00(ABLG.6)C0 - Unauthenticated Remote Access via Pre-configured Password
CVSS 9.8
CVE-2022-20918 HIGH
Cisco FirePOWER Software SNMP Info Disclosure via Default Credentials
CVSS 7.5
CVE-2022-25667 HIGH
Qualcomm AR9380 and related firmware - Information Disclosure via ICMP Request Handling
CVSS 7.5
CVE-2022-43690 MEDIUM
Concrete CMS <8.5.10, 9.0.0-9.1.2 - Auth Bypass
CVSS 6.3
CVE-2022-3477 CRITICAL
Newsmag < 5.2.2 - Unauthenticated Account Takeover via Facebook Login Feature
CVSS 9.8
CVE-2022-34331 MEDIUM
IBM PowerVM Hypervisor - Improper Authentication
CVSS 5.5
CVE-2022-37345 HIGH
Intel NUC Kit Firmware < RY0386 - Authenticated Privilege Escalation via BIOS
CVSS 7.8
CVE-2022-36370 HIGH
Intel NUC <MYi30060 - Privilege Escalation
CVSS 7.5
CVE-2022-29893 HIGH
Intel AMT Firmware < 11.8.93 - Authenticated Privilege Escalation via Network Access
CVSS 8.1