When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,365 vulnerabilities with CWE-287
CVE-2021-0193 [HIGH, CVSS 7.2] Intel(R) In-Band Manageability <2.13.0 - Privilege Escalation
CVE-2021-26253 [HIGH, CVSS 8.1] Splunk 8.1.0-8.1.6 - Unauthenticated MFA Bypass via DUO Implementation
CVE-2021-44057 [HIGH, CVSS 7.1] QNAP Photo Station < 5.4.13 - Improper Authentication
CVE-2021-44056 [HIGH, CVSS 7.1] QNAP Video Station < 5.1.8 - Improper Authentication
CVE-2021-41992 [HIGH, CVSS 7.7] PingID Integration for Windows Login < 2.7 - Offline MFA Bypass via RSA Misconfiguration
CVE-2021-36460 [HIGH, CVSS 7.8] VeryFitPro 3.2.8 - Privilege Escalation
CVE-2021-45841 [HIGH, CVSS 8.1] Terramaster F4-210, F2-210 TOS 4.2.X - Info Disclosure
CVE-2021-26627 [HIGH, CVSS 7.5] qcp200w_firmware - Unauthenticated Real-Time Image Information Exposure via RTSP Port
CVE-2021-3652 [MEDIUM, CVSS 6.5] 389-ds-base < 2.0.7 - Improper Authentication via Asterisk Password Hash
CVE-2021-46740 [HIGH, CVSS 7.5] Device Authentication Service - Info Disclosure
CVE-2021-32984 [CRITICAL, CVSS 9.8] Automation Direct CLICK PLC <v3.00 - Privilege Escalation
CVE-2021-32980 [CRITICAL, CVSS 9.8] Automation Direct CLICK PLC CPU <3.00 - Privilege Escalation
CVE-2021-20238 [LOW, CVSS 3.7] OpenShift Container Platform - Unauthenticated Sensitive Data Exposure via Machine Config Server Endpoint
CVE-2021-1950 [HIGH, CVSS 7.8] Qualcomm AR8035 and other Firmware - Face Authentication Bypass via Secure Memory Cleaning Issue
CVE-2021-45900 [MEDIUM, CVSS 6.5] Vivoh Webinar Manager <3.6.3.0 - Auth Bypass
CVE-2021-26598 [MEDIUM, CVSS 5.3] ImpressCMS < 1.4.3 - Unauthenticated Incorrect Access Control via findusers.php
CVE-2021-26620 [HIGH, CVSS 7.5] iptime NAS Firmware < 1.4.82 - Improper Authentication and Information Disclosure
CVE-2021-31326 [CRITICAL, CVSS 9.8] D-Link DIR-816 A2 1.10 B05 - Unauthenticated Device Reset via Crafted TokenID Parameter
CVE-2021-4197 [HIGH, CVSS 7.8] Linux Kernel 4.2-4.14.276 - Privilege Escalation via Unprivileged Write to File Handler
CVE-2021-44759 [HIGH, CVSS 8.1] Apache Traffic Server 8.0.0-8.1.0 - Improper Authentication in TLS Origin Validation
CVE-2021-46390 [MEDIUM, CVSS 6.8] Lexar_F35 v1.0.34 - Info Disclosure/DoS
CVE-2021-45786 [CRITICAL, CVSS 9.8] maccms v10 - Improper Authentication via col and openid Parameters
CVE-2021-36368 [LOW, CVSS 3.7] OpenSSH <8.9 - Privilege Escalation
CVE-2021-40376 [HIGH, CVSS 7.8] otris Update Manager 1.2.1.0 - Privilege Escalation
CVE-2021-41181 [LOW, CVSS 2.4] Nextcloud talk <12.3.0 - Info Disclosure
Details
Vulnerabilities: 4,365
Exploit Likelihood: High