CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-27874 MEDIUM
Intel XMM 7560 Firmware < M2_7560_R_01.2146.00 - Privilege Escalation via Physical Access
CVSS 6.8
CVE-2022-26845 HIGH
Intel(R) AMT < - Privilege Escalation
CVSS 8.7
CVE-2022-26508 MEDIUM
Intel(R) SDP Tool <3.0.0 - Info Disclosure
CVSS 4.3
CVE-2022-21794 HIGH
Intel NUC BIOS Firmware < HN0067 - Authenticated Privilege Escalation via Local Access
CVSS 7.7
CVE-2022-39038 HIGH
Agentflow BPM - Privilege Escalation
CVSS 8.8
CVE-2022-38119 CRITICAL
UPSMON Pro - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2022-44244 MEDIUM
Lin-CMS <0.2.1 - Privilege Escalation
CVSS 6.6
CVE-2022-39892 LOW
Samsung Pass < 4.0.05.1 - Unauthenticated Improper Access Control via Keep Open Feature
CVSS 3.6
CVE-2022-31686 CRITICAL
VMware Workspace ONE Assist < 22.10 - Unauthenticated Broken Authentication Method
CVSS 9.8
CVE-2022-31685 CRITICAL
VMware Workspace ONE Assist < 22.10 - Authentication Bypass
CVSS 9.8
CVE-2022-27510 CRITICAL
Citrix Gateway 12.1-<12.1-65.21 - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2022-39387 CRITICAL
XWiki OIDC < 1.29.1 - Authentication Bypass via OpenID Provider Parameter Injection
CVSS 9.1
CVE-2022-43451 HIGH
OpenHarmony <v3.1.2 - Path Traversal
CVSS 8.4
CVE-2022-32935 MEDIUM
iPadOS < 15.7.1 - Unauthenticated Lock Screen Bypass
CVSS 4.6
CVE-2022-32928 MEDIUM
iPhone OS < 16.0, macOS < 13.0, watchOS < 9.0 - Mail Credential Interception via Privileged Network Position
CVSS 5.3
CVE-2022-2572 CRITICAL
Octopus Server 3.5-2022.1.3264 - Improper Authentication via External Provider
CVSS 9.8
CVE-2022-39019 MEDIUM
M-Files Hubshare <3.3.11.3 - Info Disclosure
CVSS 6.3
CVE-2022-39018 HIGH
M-Files Hubshare <3.3.11.3 - Info Disclosure
CVSS 8.2
CVE-2022-41648 CRITICAL
HEIDENHAIN Controller TNC 640 NC <34059007 SP5 - Privilege Escalation
CVSS 9.8
CVE-2022-39366 CRITICAL
DataHub < 0.8.45 - Authentication Bypass via Missing JWT Signature Verification
CVSS 9.9
CVE-2022-37914 CRITICAL
Aruba EdgeConnect Enterprise Orchestrator < 8.10.23.40009 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2022-37913 CRITICAL
Aruba EdgeConnect Enterprise Orchestrator <= 9.1.2.40051 - Authentication Bypass
CVSS 9.8
CVE-2022-38744 HIGH
Rockwell Automation FactoryTalk Alarm and Events - DoS
CVSS 7.5
CVE-2022-40703 MEDIUM
AliveCor Kardia < 5.17.1-754993421 - Unauthenticated Authentication Bypass via Physical Access
CVSS 5.2
CVE-2022-39355 CRITICAL
Discourse Patreon < 2022-10-26 - Improper Authentication via Patreon Login
CVSS 9.1
Details
Vulnerabilities: 4,363
Exploit Likelihood: High