CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-31125 CRITICAL
roxy-wi < 6.1.1.0 - Unauthenticated Authentication Bypass via Crafted HTTP Request
CVSS 10.0
CVE-2022-28713 MEDIUM
Cybozu Garoon <5.5.1 - Info Disclosure
CVSS 5.3
CVE-2022-2197 CRITICAL
exemys rme1_firmware < 2.1.6 - Unauthenticated Authentication Bypass via Specific Credential String
CVSS 9.8
CVE-2022-1955 MEDIUM
Session 1.13.0 - Privilege Escalation
CVSS 4.6
CVE-2022-29858 MEDIUM
silverstripe/assets < 1.10.1 - Improper Access Control via Image Short Code Manipulation
CVSS 4.3
CVE-2022-33202 HIGH
L2Blocker < 4.8.6 - Authentication Bypass via Alternative Path
CVSS 8.1
CVE-2022-29578 MEDIUM
Meridian Cooperative Utility Software 22.02-22.03 - Unauthenticated Sensitive Information Disclosure
CVSS 5.3
CVE-2022-29775 CRITICAL
iSpyConnect iSpy 7.2.2.0 - Unauthenticated Authentication Bypass via Crafted URL
CVSS 9.8
CVE-2022-33139 CRITICAL
Cerberus DMS, Desigo CC, Desigo CC Compact, SIMATIC WinCC OA - Unauthenticated User Impersonation
CVSS 9.8
CVE-2022-1801 HIGH
Very Simple Contact Form < 11.6 - Captcha Bypass via Exposed Solution in Rendered Form
CVSS 7.5
CVE-2022-31083 HIGH
Parse Server <4.10.11, <5.2.2 - Auth Bypass
CVSS 8.6
CVE-2022-32276 HIGH
Grafana 8.4.3 - Unauthenticated Access via Dashboard Snapshot URI
CVSS 7.5
CVE-2022-33750 CRITICAL
CA Automic Automation <12.3 - Command Injection
CVSS 9.8
CVE-2022-29865 HIGH
OPC UA .NET Standard Stack < 1.4.368.58 - Unauthenticated Authentication Bypass via Crafted Fake Credentials
CVSS 7.5
CVE-2022-30150 HIGH
Windows 10 and Windows 11 - Improper Authentication in Defender Remote Credential Guard
CVSS 7.5
CVE-2022-21935 HIGH
Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation
CVSS 7.5
CVE-2022-20798 CRITICAL
Cisco Secure Email and Web Manager - Auth Bypass
CVSS 9.8
CVE-2022-20733 MEDIUM
Cisco Identity Services Engine - Unauthenticated Authentication Bypass via SAML Metadata Exposure
CVSS 5.3
CVE-2022-30229 HIGH
SICAM GridEdge Essential < 2.6.6 - Unauthenticated Privileged Function Access
CVSS 7.2
CVE-2022-22259 MEDIUM
FLMG-10 <10.0.1.0 - Privilege Escalation
CVSS 6.8
CVE-2022-30749 LOW
Smart Things <1.7.85.25 - Auth Bypass
CVSS 3.3
CVE-2022-30238 HIGH
Wiser Smart EER21000 and EER21001 Firmware < 4.5 - Improper Authentication
CVSS 8.3
CVE-2022-31463 HIGH
Owl Labs Meeting Owl <5.2.0.15 - DoS
CVSS 8.2
CVE-2022-30034 HIGH
Flower < 1.2.0 - Unauthenticated OAuth Authentication Bypass
CVSS 8.6
CVE-2022-26975 HIGH
Barco Control Room Management Suite <3.14 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 4,365
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits