CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-34372 CRITICAL
Dell PowerProtect Cyber Recovery < 19.11.0.2 - Unauthenticated Authentication Bypass via Docker Registry API
CVSS 9.8
CVE-2022-38557 CRITICAL
D-Link DIR845L <1.03 - Info Disclosure
CVSS 9.8
CVE-2022-38556 CRITICAL
Trendnet TEW733GR v1.03B01 - Info Disclosure
CVSS 9.8
CVE-2022-36755 CRITICAL
D-Link DIR-845L Firmware 1.0.0-1.0.2 - Improper Authentication via AUTHORIZED_GROUP Parameter
CVSS 9.8
CVE-2022-2031 HIGH
Samba < 4.14.14 - Authentication Bypass via Shared KDC and kpasswd Keys
CVSS 8.8
CVE-2022-35726 MEDIUM
yotuwp Video Gallery <1.3.4.5 - Auth Bypass
CVSS 4.3
CVE-2022-35203 HIGH
TrendNet TV-IP572PI v1.0 - Unauthenticated Sensitive Information Exposure
CVSS 7.2
CVE-2022-34919 CRITICAL
Zengenti Contensis < 15.2.1.79 - Unauthenticated Remote Code Execution via File Upload Wizard
CVSS 9.8
CVE-2022-32282 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Improper Authentication via Password Hash
CVSS 8.8
CVE-2022-34149 CRITICAL
miniOrange WP OAuth Server <3.0.4 - Auth Bypass
CVSS 9.8
CVE-2022-22730 CRITICAL
Intel Edge Insights for Industrial < 2.6.1 - Unauthenticated Privilege Escalation via Network Access
CVSS 9.8
CVE-2022-35198 HIGH
Contract Management System 2.0 - Improper Authentication via Weak Default Password
CVSS 7.5
CVE-2022-2336 CRITICAL
Softing Secure Integration Server - Info Disclosure
CVSS 9.8
CVE-2022-2662 CRITICAL
Sequi PortBloque S Firmware - Improper Authentication
CVSS 9.6
CVE-2022-38368 HIGH
Aviatrix Gateway <6.6.5712-6.7.1376 - Command Injection
CVSS 8.8
CVE-2022-36524 HIGH
D-Link GO-RT-AC750 - Info Disclosure
CVSS 7.5
CVE-2022-37397 HIGH
YugabyteDB 2.6.1 - Unauthenticated Authentication Bypass via Empty Password in LDAP with Active Directory
CVSS 8.3
CVE-2022-2503 MEDIUM
Linux Kernel < 5.19 - Authentication Bypass via Device-Mapper Table Reload
CVSS 6.9
CVE-2022-38180 MEDIUM
JetBrains Ktor <2.1.0 - Auth Bypass
CVSS 5.3
CVE-2022-2765 MEDIUM
Company Website CMS 1.0 - Improper Authentication in Dashboard Settings
CVSS 6.3
CVE-2022-32429 CRITICAL
Mega System Technologies MSNSwitch MNT.2408 - Unauthenticated Remote Code Execution via ExportSettings.sh
CVSS 9.8
CVE-2022-29083 MEDIUM
Dell Chengming 3980 Firmware < 2.23.0 - Unauthenticated Improper Authentication
CVSS 6.8
CVE-2022-36296 MEDIUM
WordPress ActiveDEMAND <= 0.2.27 - Auth Bypass
CVSS 6.5
CVE-2022-33732 MEDIUM
Samsung Dex for PC <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 6.2
CVE-2022-33720 LOW
AppLock <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 2.4