CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-24882 CRITICAL
FreeRDP < 2.7.0 - Improper Authentication via Empty Password Handling
CVSS 9.1
CVE-2022-29534 HIGH
MISP < 2.4.158 - Improper Authentication via Accept Header Manipulation
CVSS 7.5
CVE-2022-0540 CRITICAL
Atlassian Jira <8.13.18, <8.14.0-8.20.5, <8.21.0-8.22.0 - Auth Bypass
CVSS 9.8
CVE-2022-1065 HIGH
Abacus ERP <2022.01.15 - Auth Bypass
CVSS 8.1
CVE-2022-24857 HIGH
django-mfa3 < 0.5.0 - Authentication Bypass via Admin Login View
CVSS 7.3
CVE-2022-20695 CRITICAL
Cisco Wireless LAN Controller - Auth Bypass
CVSS 10.0
CVE-2022-26034 CRITICAL
CENTUM VP <R6.09.00 - Info Disclosure
CVSS 9.1
CVE-2022-22956 CRITICAL
VMware Workspace ONE Access - Authentication Bypass via OAuth2 ACS Framework
CVSS 9.8
CVE-2022-27839 LOW
Samsung Internet < 16.2.1 - Improper Authentication in SecretMode
CVSS 3.3
CVE-2022-26091 MEDIUM
Knox Manage <SMR Apr-2022 Release 1 - Privilege Escalation
CVSS 5.7
CVE-2022-25833 LOW
Android ImsService - Improper Authentication
CVSS 3.3
CVE-2022-25832 MEDIUM
Android S Secure - Improper Authentication
CVSS 4.0
CVE-2022-1067 MEDIUM
Lifepoint Patient Portal < lpi_3.5.12.p30 - Unauthenticated Lab Report PDF Generation
CVSS 6.5
CVE-2022-1248 HIGH
SAP Information System 1.0 - Unauthenticated Admin Account Creation via add_admin.php
CVSS 7.3
CVE-2022-24813 MEDIUM
CreateWiki < 2022-04-02 - Unauthenticated Anonymous Comment Posting via Special:RequestWikiQueue
CVSS 5.3
CVE-2022-28376 HIGH
Verizon 5G Home LVSKIHP - Info Disclosure
CVSS 8.1
CVE-2022-25157 CRITICAL
Mitsubishielectric Fx5uc Firmware - Authentication Bypass
CVSS 9.1
CVE-2022-25155 HIGH
Mitsubishielectric Fx5uc Firmware - Authentication Bypass
CVSS 8.1
CVE-2022-26562 CRITICAL
Kopano Core <= v11.0.2.51 - Auth Bypass
CVSS 9.8
CVE-2022-23156 MEDIUM
Dell Wyse Device Agent < 14.6.1.4 - Improper Authentication via Invalid Input
CVSS 6.0
CVE-2022-23795 CRITICAL
Joomla! 2.5.0-3.10.6 and 4.0.0-4.1.0 - Improper Authentication
CVSS 9.8
CVE-2022-22935 LOW
SaltStack Salt < 3002.8 - Minion Authentication Denial of Service via Master Impersonation
CVSS 3.7
CVE-2022-1084 HIGH
One Church Management System 1.0 - Authentication Bypass via User Registration Endpoint
CVSS 7.3
CVE-2022-0342 CRITICAL
Zyxel USG/ZyWALL/USG FLEX/ATP/VPN/NSG Firmware - Unauthenticated Authentication Bypass via CGI Program
CVSS 9.8
CVE-2022-1049 HIGH
pcs < 0.11.2 - Improper Authentication via PAM
CVSS 8.8
Details
Vulnerabilities 4,365
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits