CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-3218 (CRITICAL, CVSS 9.8): Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass
CVE-2022-3173 (MEDIUM, CVSS 4.3): Snipe-IT < 6.0.10 - Improper Authentication
CVE-2022-39009 (CRITICAL, CVSS 9.8): Huawei EMUI and HarmonyOS - Improper Authentication in WLAN Module
CVE-2022-25652 (CRITICAL, CVSS 9.0): Qualcomm CSR8811 and IPQ Firmware - Improper Authentication via Hash Verification Issue
CVE-2022-36436 (CRITICAL, CVSS 9.8): OSU Open Source Lab VNCAuthProxy <1.1.1 - Auth Bypass
CVE-2022-40622 (HIGH, CVSS 8.8): WAVLINK Quantum D4G - Session Takeover
CVE-2022-39205 (CRITICAL, CVSS 9.0): OneDev < 7.3.0 - Unauthenticated Remote Code Execution via Git Pre-Receive Callback Endpoint
CVE-2022-36106 (MEDIUM, CVSS 5.4): TYPO3 <10.4.31, <11.5.15 - Info Disclosure
CVE-2022-39801 (HIGH, CVSS 7.5): SAP GRC Access Control - Authenticated Firefighter Session Reuse
CVE-2022-38700 (HIGH, CVSS 8.8): OpenHarmony <v3.1.1 - Privilege Escalation
CVE-2022-38081 (MEDIUM, CVSS 6.2): OpenHarmony <v3.1.2 - Privilege Escalation
CVE-2022-38064 (MEDIUM, CVSS 6.2): OpenHarmony <v3.1.2 - Privilege Escalation
CVE-2022-36093 (HIGH, CVSS 8.5): XWiki Platform Web Templates <14.2 & <13.10.4 - Auth Bypass
CVE-2022-36092 (HIGH, CVSS 7.5): XWiki Platform Old Core <14.2-13.10.4 - Auth Bypass
CVE-2022-37164 (CRITICAL, CVSS 9.8): Inoda OnTrack <3.4 - Privilege Escalation
CVE-2022-37163 (CRITICAL, CVSS 9.8): Bminusl IHateToBudget v1.5.7 - Info Disclosure
CVE-2022-20923 (MEDIUM, CVSS 4.0): Cisco RV110W RV130 RV130W RV215W - Unauthenticated IPSec VPN Authentication Bypass via Password Validation Algorithm
CVE-2022-38399 (MEDIUM, CVSS 6.8): SmaCam CS-QR10/CS-QR20 - Command Injection
CVE-2022-36073 (HIGH, CVSS 8.3): RubyGems.org < 2022-08-31 - Account Takeover via Email Change Confirmation Bypass
CVE-2022-3152 (HIGH, CVSS 8.8): phpfusion < 9.10.20 - Unverified Password Change
CVE-2022-26858 (MEDIUM, CVSS 6.1): Dell BIOS - Authenticated Improper Authentication via SMI Input
CVE-2022-31020 (HIGH, CVSS 8.8): Indy Node <1.12.4 - Authenticated RCE
CVE-2022-36071 (HIGH, CVSS 8.3): SFTPGo 2.2.0-2.3.3 - Two-Factor Authentication Bypass via Recovery Code Generation
CVE-2022-34380 (CRITICAL, CVSS 9.3): Dell CloudLink < 7.1.4 - Authentication Bypass via Alternate Path
CVE-2022-34379 (CRITICAL, CVSS 9.4): Dell EMC CloudLink < 7.1.3 - Authentication Bypass via Active Directory Username