CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-39064 HIGH
IBM Spectrum Copy Data Management <= 2.2.13 - Improper Authentication via Default Credentials
CVSS 7.5
CVE-2021-44514 CRITICAL
Zoho ManageEngine OpManager < 125490 - Improper Authentication in OpUtils Audit Directories
CVSS 9.8
CVE-2021-41265 HIGH
Flask-AppBuilder <3.3.4 - Auth Bypass
CVSS 8.1
CVE-2021-21955 HIGH
Anker Eufy Homebase 2 2.1.6.9h - Authentication Bypass via get_aes_key_info_by_packetid()
CVSS 7.5
CVE-2021-20145 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated VPN Access via OpenVPN Configuration Exposure
CVSS 7.5
CVE-2021-43068 MEDIUM
Fortinet FortiAuthenticator <6.4.0 - Auth Bypass
CVSS 5.4
CVE-2021-36718 MEDIUM
SYNEL eharmonynew and Synel Reports < 11.0 - Unauthenticated Default Credential Access and Sensitive Data Exposure
CVSS 6.1
CVE-2021-37054 HIGH
HarmonyOS < 2.0 - Improper Authentication
CVSS 7.5
CVE-2021-41311 HIGH
Atlassian Jira Server and Data Center < 8.19.1 - Broken Authentication in Project Roles Endpoint
CVSS 7.5
CVE-2021-41309 MEDIUM
Atlassian Jira Software Data Center < 8.19.1 - Broken Authentication via Audit Log Export Endpoint
CVSS 5.3
CVE-2021-41716 CRITICAL
Mahavitaran < 7.50 - Unauthenticated Account Takeover via OTP Fixation
CVSS 9.8
CVE-2021-43175 HIGH
GOautodial < commit 3c3a979 - Auth Bypass
CVSS 7.5
CVE-2021-37100 HIGH
HarmonyOS < 2.0 - Improper Authentication
CVSS 7.5
CVE-2021-37043 HIGH
Huawei EMUI - Stack-based Buffer Overflow
CVSS 7.5
CVE-2021-43931 CRITICAL
webhmi_firmware < 4.1 - Authentication Bypass via Weak Implementation
CVSS 9.8
CVE-2021-39890 LOW
GitLab 14.1.1-14.1.6 - Two-Factor Authentication Bypass via Basic Authentication
CVSS 3.1
CVE-2021-43786 CRITICAL
NodeBB 1.15.0-1.18.4 - Unauthenticated Remote Code Execution via Master Token Bypass
CVSS 9.8
CVE-2021-38686 HIGH
QVR < 5.1.6 - Improper Authentication
CVSS 8.8
CVE-2021-35033 HIGH
Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, WSR30 - Unauthenticated Root Access via Pre-Configured Password
CVSS 7.8
CVE-2021-38376 MEDIUM
OX App Suite <7.10.5 - Info Disclosure
CVSS 5.3
CVE-2021-36308 MEDIUM
Networking OS10 <October 2021 - Auth Bypass
CVSS 5.9
CVE-2021-36306 HIGH
Networking OS10 <October 2021 - Auth Bypass
CVSS 8.1
CVE-2021-42338 CRITICAL
4mosan gcb_doctor < 20210708 - Unauthenticated Authentication Bypass and Arbitrary File Upload via Cookie Injection
CVSS 9.8
CVE-2021-33087 MEDIUM
Intel(R) NUC M15 Laptop Kit Management Engine <15.0.10.1508 - DoS
CVSS 5.5
CVE-2021-0096 HIGH
Intel NUC HDMI Firmware Update Tool < 1.78.1.1 - Authenticated Privilege Escalation via Local Access
CVSS 7.8
Details
Vulnerabilities 4,371
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits