When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,365 vulnerabilities with CWE-287
| CVE | Severity | Title | CVSS |
|---|---|---|---|
| CVE-2022-31013 | CRITICAL | Vartalap Chat Server <2.6.0 - Auth Bypass | 9.1 |
| CVE-2022-31011 | HIGH | TiDB 5.3.0 - Improper Authentication Bypass | 7.8 |
| CVE-2022-26724 | MEDIUM | tvOS < 15.5 - Unauthenticated iCloud Photos Enablement | 5.5 |
| CVE-2022-22576 | HIGH | curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse | 8.1 |
| CVE-2022-26865 | MEDIUM | Dell Support Assist OS Recovery <5.5.2 - Auth Bypass | 6.8 |
| CVE-2022-24422 | CRITICAL | Dell iDRAC9 <5.10.10.00 - Auth Bypass | 9.6 |
| CVE-2022-29237 | MEDIUM | Opencast < 10.14 - Authenticated Organization Barrier Bypass via Ingest REST Interface | 5.4 |
| CVE-2022-0910 | MEDIUM | Zyxel USG/ZyWALL/USG FLEX/ATP/VPN Firmware 4.32-4.71/5.21 - Authenticated 2FA Downgrade via CGI | 6.5 |
| CVE-2022-29165 | CRITICAL | Argo CD <2.1.15-2.3.4 - Auth Bypass | 10.0 |
| CVE-2022-29883 | MEDIUM | Siemens 7kg8500-0aa00-0aa0 Firmware < 3.00 - Missing Authentication | 5.3 |
| CVE-2022-28106 | CRITICAL | Online Sports Complex Booking System 1.0 - Account Takeover via Crafted POST Request | 9.8 |
| CVE-2022-28955 | HIGH | D-Link DIR816L_FW206b01 - Info Disclosure | 7.5 |
| CVE-2022-1349 | MEDIUM | WPQA Builder Plugin < 5.2 - Unauthenticated Arbitrary Profile Picture Deletion via image_id Parameter | 4.3 |
| CVE-2022-22796 | HIGH | SysAid < 21.1.30 and < 21.4.45 - Unauthenticated Authentication Bypass via wmiwizard.jsp | 7.0 |
| CVE-2022-1681 | HIGH | wiki.js < 2.5.281 - Authentication Bypass via Alternate Path | 7.2 |
| CVE-2022-1426 | LOW | GitLab 12.6-14.8.5, 14.9-14.9.3, 14.10 - Improper Authentication | 2.0 |
| CVE-2022-21934 | HIGH | Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation | 8.0 |
| CVE-2022-24901 | HIGH | parse-server < 4.10.10 - Improper Certificate Validation in Apple Game Center Authentication | 7.5 |
| CVE-2022-28790 | MEDIUM | Link to Windows Service <2.3.04.1 - Privilege Escalation | 4.0 |
| CVE-2022-0916 | HIGH | Logitech Options < 9.60.87 - Cross-Site Request Forgery via OAuth State Parameter | 8.4 |
| CVE-2022-23723 | HIGH | PingFederate PingOne MFA Integration Kit - MFA Bypass via Adapter HTML Templates | 7.7 |
| CVE-2022-23722 | MEDIUM | PingFederate - Improper Authentication via Password Reset Mechanism | 6.5 |
| CVE-2022-0985 | MEDIUM | moodle <3.9.13 and 3.11.0-3.11.6 - Improper Authentication in User Deletion | 4.3 |
| CVE-2022-24885 | LOW | Nextcloud Android < 3.19.1 - Authentication Bypass via Repeated App Reopening | 2.0 |
| CVE-2022-24883 | HIGH | FreeRDP < 2.7.0 - Improper Authentication via Invalid SAM File Path | 7.4 |
Details
Vulnerabilities: 4,365
Exploit Likelihood: High