CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-39360 MEDIUM
Metabase <0.44.5, <1.44.5, <0.43.7, <1.43.7, <0.42.6, <1.42.6, <0.4...
CVSS 6.5
CVE-2022-3674 HIGH
Sanitization Management System 1.0 - Improper Authentication
CVSS 7.3
CVE-2022-26870 HIGH
Dell PowerStore <2.1.0.x - Auth Bypass
CVSS 7.0
CVE-2022-43400 CRITICAL
Siveillance Video Mobile Server <V2022 R2 - Info Disclosure
CVSS 9.8
CVE-2022-42233 CRITICAL
Tenda 11n_firmware V5.07.33_cn - Authentication Bypass
CVSS 9.8
CVE-2022-37298 CRITICAL
Shinken Monitoring 2.4.3 - Improper Authentication via SafeUnpickler
CVSS 9.8
CVE-2022-39267 HIGH
Bifrost < 1.8.8-release - Authentication Bypass via X-Requested-With Header Deletion
CVSS 8.8
CVE-2022-21618 MEDIUM
Oracle Java SE <19 - Unauthenticated RCE
CVSS 5.3
CVE-2022-40684 CRITICAL KEV
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
CVSS 9.8
CVE-2022-31122 CRITICAL
Wire <2022-07-12/Chart 4.19.0 - Privilege Escalation
CVSS 9.8
CVE-2022-22237 MEDIUM
Juniper Networks Junos OS - Privilege Escalation
CVSS 6.5
CVE-2022-2533 MEDIUM
GitLab <15.1.6-15.3.2 - Auth Bypass
CVSS 6.5
CVE-2022-23769 HIGH
reverseWall-MDS < 3.8_a008 - Remote Code Execution via Insufficient Privilege Verification
CVSS 7.5
CVE-2022-41436 CRITICAL
OXHOO TP50 OXH1.50 - Info Disclosure
CVSS 9.1
CVE-2022-38982 CRITICAL
Fingerprint Module - Info Disclosure
CVSS 9.8
CVE-2022-42488 HIGH
OpenHarmony 3.1-3.1.2 - Missing Authorization in Startup Subsystem Param Service
CVSS 8.4
CVE-2022-42463 HIGH
OpenHarmony 3.1-3.1.2 - Authentication Bypass via Softbus Server Callback Handler
CVSS 8.3
CVE-2022-39229 MEDIUM
Grafana < 8.5.14 - Authentication Bypass via Email Username Collision
CVSS 4.3
CVE-2022-35135 HIGH
Boodskap IoT Platform v4.4.9-02 - Privilege Escalation via /api/user/upsert/<uuid> Endpoint
CVSS 8.8
CVE-2022-3465 HIGH
MediaLink AC1200R Firmware - Improper Authentication in /index.asp
CVSS 7.3
CVE-2022-40664 CRITICAL
Apache Shiro < 1.10.0 - Authentication Bypass via RequestDispatcher
CVSS 9.8
CVE-2022-39290 HIGH
ZoneMinder < 1.36.27 - Authenticated Cross-Site Request Forgery via HTTP GET Request
CVSS 8.0
CVE-2022-39289 CRITICAL
ZoneMinder < 1.36.27 - Missing Authorization for Database Log Manipulation
CVSS 9.1
CVE-2022-21936 HIGH
Metasys ADX Server <12.0 - Privilege Escalation
CVSS 8.1
CVE-2022-40494 CRITICAL
ehang-io nps 0.19.0-0.26.9 - Authentication Bypass via Auth Key and Timestamp Parameters
CVSS 9.8