CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2022-24976 CRITICAL
atheme 7.2.0-7.2.11 - Authentication Bypass via IRC Handshake Challenge-Response Sequence
CVSS 9.1
CVE-2022-23320 HIGH
XMPie uStore 12.3.7244.0 - Authenticated SQL Query Execution via Report Generation
CVSS 7.5
CVE-2022-24551 HIGH
StarWind <v0.2 build 1633 - Privilege Escalation
CVSS 8.8
CVE-2022-22831 CRITICAL
Servisnet Tessa 0.0.2 - Unauthenticated User Addition via Authorization Header Manipulation
CVSS 9.8
CVE-2022-23600 MEDIUM
fleetdm/fleet < 4.9.1 - SAML Authentication Spoofing via Missing Audience Verification
CVSS 5.3
CVE-2022-24259 CRITICAL
Voipmonitor GUI <24.96 - Privilege Escalation
CVSS 9.8
CVE-2022-23126 CRITICAL
TeslaMate < 1.25.1 - Unauthenticated Vehicle Control via Grafana Token Exposure
CVSS 9.8
CVE-2022-23807 MEDIUM
phpMyAdmin <4.9.8, <5.1.2 - Auth Bypass
CVSS 4.3
CVE-2022-21692 MEDIUM
OnionShare < 2.5 - Improper Authentication in Chat Environment
CVSS 4.3
CVE-2022-21695 MEDIUM
OnionShare < 2.5 - Unauthenticated Message Spoofing in Chat
CVSS 4.3
CVE-2022-23178 CRITICAL
Crestron HD-MD4X2-4K-E Firmware 1.0.0.2159 - Unauthenticated Credential Disclosure via aj.html
CVSS 9.8
CVE-2022-22990 HIGH
Western Digital My Cloud OS < 5.19.117 - Authentication Bypass and Remote Code Execution via Access Token Validation
CVSS 7.8
CVE-2022-21684 MEDIUM
Discourse < 2.7.13 - Improper Authentication via Invite Redemption Bypass
CVSS 4.3
CVE-2022-23134 LOW KEV
Zabbix 5.4.0-5.4.7 - Unauthenticated Improper Access Control in Setup.php
CVSS 3.7
CVE-2022-22289 MEDIUM
S Assistant < 7.5 - Unauthenticated Sensitive Information Disclosure
CVSS 5.3
CVE-2022-22284 MEDIUM
Samsung Internet <16.0.2.19 - Auth Bypass
CVSS 5.7
CVE-2022-22283 LOW
Samsung Health <6.20.1.005 - Info Disclosure
CVSS 2.8
CVE-2021-3784 MEDIUM
Garuda Linux - Privilege Escalation
CVSS 5.3
CVE-2021-27715 CRITICAL
MoFi Network MOFI4500-4GXeLTE-V2 <3.5.6-xnet-5052 - Auth Bypass, RCE
CVSS 9.8
CVE-2021-40507 CRITICAL
OpenRISC OR1200 Firmware 2011-09-10-2015-11-11 - Incorrect Overflow Flag Update in ALU Subtract Instruction
CVSS 9.8
CVE-2021-40506 CRITICAL
OpenRISC OR1200 Firmware 2011-09-10-2015-11-11 - Incorrect Overflow Flag Update in ALU Unit
CVSS 9.8
CVE-2021-28235 CRITICAL
Etcd-io <3.4.10 - Privilege Escalation
CVSS 9.8
CVE-2021-43445 CRITICAL
ONLYOFFICE Server < 7.0.0.49 - Unauthenticated Incorrect Access Control via Default JWT Signing Key
CVSS 9.8
CVE-2021-43444 HIGH
ONLYOFFICE Server < 7.0.0.49 - Unauthenticated Incorrect Access Control via Weak URL Signing Key
CVSS 7.5
CVE-2021-4314 MEDIUM
Zowe API Mediation Layer 1.16.0-1.18.9 - Improper Privilege Management via JWT Token Manipulation
CVSS 5.3