When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,365 vulnerabilities with CWE-287
CVE-2022-0996 | MEDIUM | 389 Directory Server - Improper Authentication via Expired Password Bypass | CVSS 6.5
CVE-2022-0862 | LOW | McAfee ePolicy Orchestrator < 5.10.0 - Unauthenticated Password Change via Deprecated API | CVSS 3.1
CVE-2022-22656 | LOW | macOS 10.15-10.15.6 and 11.6-11.6.4 - Unauthenticated User Data Exposure via Fast User Switching | CVSS 3.3
CVE-2022-0547 | CRITICAL | OpenVPN <2.4.13 or 2.5.7 - Auth Bypass | CVSS 9.8
CVE-2022-26504 | HIGH | Veeam Backup & Replication <11.x - RCE | CVSS 8.8
CVE-2022-24740 | MEDIUM | Volto <15.0.0-alpha.0 - Auth Bypass | CVSS 5.0
CVE-2022-22729 | HIGH | Yokogawa CENTUM CS 3.08.10-3.09.00, VP 4.01.00-4.03.00, Exaopc 3.72.00-3.79.00 - Authentication Bypass | CVSS 8.8
CVE-2022-25825 | MEDIUM | Samsung Account < 13.1.0.1 - Improper Access Control | CVSS 6.2
CVE-2022-25817 | MEDIUM | Android One UI Home - Improper Authentication | CVSS 4.0
CVE-2022-25816 | MEDIUM | Google Android - Authentication Bypass | CVSS 4.1
CVE-2022-24286 | HIGH | Acer QuickAccess <2.01.3030-3.00.3038 - Privilege Escalation | CVSS 7.8
CVE-2022-24285 | HIGH | Acer Care Center <4.00.3042 - Privilege Escalation | CVSS 7.8
CVE-2022-23383 | CRITICAL | YzmCMS v6.3 - Unauthenticated Improper Authentication | CVSS 9.1
CVE-2022-24748 | MEDIUM | Shopware <6.4.8.2 - Info Disclosure | CVSS 6.8
CVE-2022-0715 | CRITICAL | APC Smart-UPS Family - Improper Authentication | CVSS 9.1
CVE-2022-24738 | HIGH | evmos < 2.0.1 - Unauthenticated Fund Drain via Signature Verification Bypass | CVSS 8.1
CVE-2022-23729 | HIGH | Android < 11.0 - Unauthenticated Shell Access via ADB | CVSS 7.8
CVE-2022-0730 | CRITICAL | Cacti - Authentication Bypass via LDAP | CVSS 9.8
CVE-2022-0492 | HIGH | KEV | Docker cgroups Container Escape | CVSS 7.8
CVE-2022-23635 | HIGH | Istio < 1.11.7 and 1.13.0 - Unauthenticated Denial of Service via Crafted Message | CVSS 7.5
CVE-2022-23654 | HIGH | wiki.js < 2.5.276 - Authenticated Path Traversal via Page ID Manipulation | CVSS 8.1
CVE-2022-23652 | HIGH | clastix/capsule-proxy < 0.2.1 - Privilege Escalation via Malicious Connection Header | CVSS 8.8
CVE-2022-24047 | CRITICAL | BMC Track-It! 20.21.01.102 - Auth Bypass | CVSS 9.8
CVE-2022-21196 | CRITICAL | Airspan Mimosa Management Platform <1.0.3 & C6x/C5x/C5c <2.8.6.1 & A5x <2.5.4.1 - Auth Bypass | CVSS 10.0
CVE-2022-23317 | HIGH | Cobalt Strike <= 4.5 - Information Disclosure via Malformed URL Path | CVSS 7.5
Details
Vulnerabilities: 4,365
Exploit Likelihood: High