Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287

CVE-2021-25490 MEDIUM

Keymaster <SMR Oct-2021 Release 1 - Privilege Escalation

CVE-2021-25484 MEDIUM

InputManagerService <SMR Oct-2021 Release 1 - Info Disclosure

CVE-2021-0595 HIGH

Android 8.1-11 - Unauthenticated Work Profile Access via RootWindowContainer Lock Bypass

CVE-2021-39226 CRITICAL KEV

Grafana < 7.5.11 - Unauthenticated Snapshot Data Exposure and Deletion via Direct Path Access

CVE-2021-41286 HIGH

Omikron MultiCash Desktop 4.00.008.SP5 - Code Injection

CVE-2021-39872 MEDIUM

GitLab >=14.1.0 <14.1.7 - Improper Access Control via Expired Password Bypass

CVE-2021-23857 CRITICAL

Bosch Rexroth IndraMotion MLC Firmware < 12 - Improper Authentication via Password Hash

CVE-2021-35296 CRITICAL

PTCL HG150-Ub v3.0 - Authentication Bypass via Cookie and Response Path Manipulation

CVE-2021-20578 CRITICAL

IBM Cloud Pak for Security - Privilege Escalation

CVE-2021-24017 MEDIUM

FortiManager < 6.2.7 - Improper Authentication via Request Handler

CVE-2021-41292 CRITICAL

ECOA BAS Controller - Unauthenticated Authentication Bypass via Cookie Poisoning

CVE-2021-35943 CRITICAL

Couchbase Server <6.6.2 - Info Disclosure

CVE-2021-38299 CRITICAL

webauthn_framwork 3.3.0-3.3.3 - Improper Authentication via User Presence Bypass

CVE-2021-31606 HIGH

openvpn-monitor <= 1.1.3 - Authorization Bypass to Disconnect Clients

CVE-2021-41503 HIGH

D-Link DCS-932L Firmware < 2.17 and DCS-5000L Firmware 1.05 - Improper Access Control via Basic Authentication

CVE-2021-22869 CRITICAL

GitHub Enterprise Server - Privilege Escalation

CVE-2021-31917 CRITICAL

Infinispan 10.0.0-12.0.0 & Red Hat DataGrid 8.0.0-8.1.1 - DIGEST Auth Bypass

CVE-2021-38412 CRITICAL

Digi PortServer TS 16 Rack - Info Disclosure

CVE-2021-41317 CRITICAL

xss_hunter_express < 2021-09-17 - Improper Authentication

CVE-2021-41303 CRITICAL

Apache Shiro < 1.8.0 - Authentication Bypass via Spring Boot Integration

CVE-2021-33045 CRITICAL KEV

Dahua Multiple Devices Firmware - Authentication Bypass via Malicious Data Packet

CVE-2021-33044 CRITICAL KEV

Dahua IPC-HUM7XXX IPC-HX3XXX IPC-HX5XXX SD1A1 SD22 SD49 SD50 SD52C SD6AL TPC-BF1241 Firmware Authentication Bypass

CVE-2021-33700 HIGH

SAP Business One <10.0 - Auth Bypass

CVE-2021-39215 HIGH

Jitsi Meet < 2.0.5963 - Improper Authentication via Symmetrical JWT Validation

CVE-2021-3145 MEDIUM

Ionic Identity Vault < 5.0 - Biometric Authentication Bypass

Previous Page 78 of 175 Next

Details

Vulnerabilities 4,371

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy