CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-37580 CRITICAL
Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse
CVSS 9.8
CVE-2021-3788 MEDIUM
Motorola-branded Binatone Hubble Cameras - Info Disclosure
CVSS 6.8
CVE-2021-3519 MEDIUM
Lenovo IdeaCentre and ThinkCentre Firmware - Unauthenticated Boot Menu Access via BIOS Password Bypass
CVSS 6.4
CVE-2021-43203 HIGH
JetBrains Ktor <1.6.4 - Auth Bypass
CVSS 7.5
CVE-2021-24647 HIGH
Pie Register < 3.7.1.6 - Unauthenticated User Impersonation via Social Login
CVSS 8.1
CVE-2021-42072 HIGH
Barrier < 2.4.0 - Improper Authentication
CVSS 8.8
CVE-2021-31602 MEDIUM
Hitachi Vantara Pentaho < 9.1.0.0 & Business Intelligence Server < 7.1 - Unauthenticated Information Disclosure
CVSS 5.3
CVE-2021-43414 HIGH
GNU Hurd <0.9 - Privilege Escalation
CVSS 7.0
CVE-2021-42837 CRITICAL
Talend Data Catalog < 7.3-20210930 - Authentication Bypass via Native Login Page
CVSS 9.8
CVE-2021-25506 MEDIUM
Samsung Health <6.19.1.0001 - Info Disclosure
CVSS 4.0
CVE-2021-25505 LOW
Samsung Pass <3.0.02.4 - Auth Bypass
CVSS 3.3
CVE-2021-38161 HIGH
Apache Traffic Server <8.0.9 - Auth Bypass
CVSS 8.1
CVE-2021-33210 MEDIUM
Fimer Aurora Vision <2.97.10 - Info Disclosure
CVSS 4.3
CVE-2021-41312 HIGH
Atlassian Jira Server and Data Center < 8.19.1 - Improper Authentication via ViewCollectors Endpoint
CVSS 7.5
CVE-2021-22490 MEDIUM
Huawei Smartphone - Privilege Escalation
CVSS 5.3
CVE-2021-22473 HIGH
Huawei EMUI and Magic UI - Improper Authentication
CVSS 7.5
CVE-2021-32951 MEDIUM
WebAccess/NMS <3.0.3_Build6299 - Auth Bypass
CVSS 5.3
CVE-2021-41157 MEDIUM
FreeSWITCH < 1.10.6 - Unauthenticated SIP SUBSCRIBE Event Notification Access
CVSS 5.3
CVE-2021-37624 HIGH
FreeSWITCH < 1.10.7 - Unauthenticated SIP MESSAGE Spoofing and Spam
CVSS 7.5
CVE-2021-30312 HIGH
Qualcomm APQ8053 Firmware - Information Disclosure via Improper Authentication of Multicast AMSDU Sub-Frames
CVSS 7.5
CVE-2021-30302 HIGH
Qualcomm Firmware - Unauthenticated Information Disclosure via EAP WAPI EAPOL Frame Handling
CVSS 7.5
CVE-2021-31349 CRITICAL
Juniper 128 Technology Session Smart Router <4.5.11/5.0-5.0.1 - Auth Bypass via HTTP Header
CVSS 9.8
CVE-2021-37123 CRITICAL
Huawei Hero-CT060 Firmware < 1.0.0.200 - Improper Authentication
CVSS 9.8
CVE-2021-41129 HIGH
Pterodactyl Panel 1.0.0-1.6.1 - Authentication Bypass via Two-Factor Confirmation Token Manipulation
CVSS 8.1
CVE-2021-41126 HIGH
October CMS <2.1.12 - Privilege Escalation
CVSS 7.2