CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-44759 HIGH
Apache Traffic Server 8.0.0-8.1.0 - Improper Authentication in TLS Origin Validation
CVSS 8.1
CVE-2021-46390 MEDIUM
Lexar_F35 v1.0.34 - Info Disclosure/DoS
CVSS 6.8
CVE-2021-45786 CRITICAL
maccms v10 - Improper Authentication via col and openid Parameters
CVSS 9.8
CVE-2021-36368 LOW
OpenSSH <8.9 - Privilege Escalation
CVSS 3.7
CVE-2021-40376 HIGH
otris Update Manager 1.2.1.0 - Privilege Escalation
CVSS 7.8
CVE-2021-41181 LOW
Nextcloud talk <12.3.0 - Info Disclosure
CVSS 2.4
CVE-2021-4201 CRITICAL
ForgeRock AM <7.1.1-6.5.4 - Info Disclosure
CVSS 9.6
CVE-2021-45347 HIGH
zzcms 8.2 - Improper Authentication via Cookie Username Manipulation
CVSS 7.5
CVE-2021-22796 HIGH
C-Bus Toolkit <1.15.9, C-Gate Server <2.11.7 - RCE
CVSS 7.8
CVE-2021-38679 MEDIUM
QNAP Kazoo Server < 4.11.22 - Improper Authentication
CVSS 6.5
CVE-2021-30317 CRITICAL
Qualcomm Firmware - Improper Authentication via ELF Metadata Validation Bypass
CVSS 9.3
CVE-2021-45331 CRITICAL
Gitea < 1.5.0 - Authentication Bypass via TOTP Reuse
CVSS 9.8
CVE-2021-28503 HIGH
Arista EOS 4.22-4.22.9m - Authentication Bypass via Certificate Re-evaluation Skip
CVSS 7.4
CVE-2021-21965 CRITICAL
Sealevel SeaConnect 370W Firmware 1.3.34 - Denial of Service via SeaMax Remote Configuration
CVSS 9.3
CVE-2021-40404 MEDIUM
Reolink RLC-410W <3.0.0.136_20121102 - Auth Bypass
CVSS 6.5
CVE-2021-36346 MEDIUM
Dell iDRAC 8 < 2.82.82.82 - Unauthenticated Denial of Service
CVSS 5.3
CVE-2021-34865 HIGH
NETGEAR Multiple Router Models Firmware - Unauthenticated Authentication Bypass
CVSS 8.8
CVE-2021-3850 CRITICAL
adodb < 5.20.21 - Authentication Bypass
CVSS 9.1
CVE-2021-43394 CRITICAL
Unisys OS 2200 Messaging Integration Services - Auth Bypass
CVSS 9.8
CVE-2021-43355 HIGH
Fresenius Kabi Vigilant Software Suite - Info Disclosure
CVSS 7.3
CVE-2021-23196 HIGH
Agilia Link+ <3.0 - Info Disclosure
CVSS 7.3
CVE-2021-44736 CRITICAL
Lexmark MC3224i Firmware - Unauthenticated Improper Authentication via Initial Admin Setup Wizard
CVSS 9.8
CVE-2021-25036 HIGH
All in One SEO WordPress <4.1.5.3 - Privilege Escalation
CVSS 8.8
CVE-2021-34993 CRITICAL
Commvault CommCell - Unauthenticated Authentication Bypass in CVSearchService
CVSS 9.8
CVE-2021-34977 HIGH
NETGEAR R7000 Firmware 1.0.11.116_10.2.100 - Unauthenticated Authentication Bypass via SOAP Request
CVSS 8.8
Details
Vulnerabilities 4,371
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits