CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-2303 MEDIUM
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Auth Bypass
CVSS 4.3
CVE-2022-2664 HIGH
Private Cloud Management Platform - Auth Bypass
CVSS 7.3
CVE-2022-35142 HIGH
Raneto < 0.17.1 - Denial of Service via Search Parameter
CVSS 7.5
CVE-2022-27484 MEDIUM
FortiADC 5.0.0-6.2.3 - Authenticated Password Change Bypass via Crafted HTTP Request
CVSS 5.4
CVE-2022-35925 MEDIUM
BookWyrm < 0.4.5 - Unauthenticated Brute-Force Attack via Missing Rate Limiting
CVSS 5.3
CVE-2022-35629 MEDIUM
Velociraptor < 0.6.5-2 - Authentication Bypass by Client ID Spoofing
CVSS 5.4
CVE-2022-2553 MEDIUM
booth < 1.0 - Improper Authentication via Ignored authfile Directive
CVSS 6.5
CVE-2022-30270 CRITICAL
Motorola ACE1000 RTU - Default Credentials Exposure via SSH Interface
CVSS 9.8
CVE-2022-36412 CRITICAL
Zoho ManageEngine SupportCenter Plus <11023 - Auth Bypass
CVSS 9.8
CVE-2022-34575 MEDIUM
Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 - Unauthenticated Key Information Disclosure via fctest.shtml
CVSS 5.7
CVE-2022-34839 MEDIUM
CodexShaper WP OAuth2 Server <= 1.0.1 - Authentication Bypass
CVSS 5.9
CVE-2022-31164 HIGH
Tovy <0.7.51 - Privilege Escalation
CVSS 7.5
CVE-2022-28666 MEDIUM
YIKES Inc. Custom Product Tabs for WooCommerce <=1.7.7 - Info Discl...
CVSS 5.3
CVE-2022-26136 CRITICAL
Atlassian <update - Auth Bypass/XSS
CVSS 9.8
CVE-2022-2141 CRITICAL
MiCODUS MV720 GPS tracker - Command Injection
CVSS 9.8
CVE-2022-34535 HIGH
Digital Watchdog MEGApix IP Cameras A7.2.2_20211029 - Unauthenticated Information Disclosure via Web Files
CVSS 7.5
CVE-2022-30624 MEDIUM
CHCNAV P5E GNSS Firmware - Unauthenticated Admin Password Reset via admin.html
CVSS 6.8
CVE-2022-30623 MEDIUM
CHCNAV P5E GNSS Firmware - Improper Authentication via Cookie Status Bypass
CVSS 5.9
CVE-2022-30550 HIGH
Dovecot 2.2-2.3 < 2.3.20 - Privilege Escalation via Duplicate Passdb Configuration
CVSS 8.8
CVE-2022-2133 MEDIUM
WordPress OAuth SSO <6.22.6 - Auth Bypass
CVSS 5.3
CVE-2022-33689 MEDIUM
TelephonyUI <SMR Jul-2022 Release 1 - Info Disclosure
CVSS 6.2
CVE-2022-30755 HIGH
AppLock <SMR Jul-2022 Release 1 - Auth Bypass
CVSS 7.3
CVE-2022-33736 HIGH
Opcenter Quality <V13.1.20220624-V13.2.20220624 - DoS
CVSS 7.5
CVE-2022-2302 CRITICAL
Lenze Cabinet Series - Privilege Escalation
CVSS 9.8
CVE-2022-31131 MEDIUM
Nextcloud mail <1.12.2 - Info Disclosure
CVSS 5.4
Details
Vulnerabilities 4,365
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits