CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-37414 HIGH
ManageEngine Desktop Central < 10.0.709 - Unauthenticated API Key Disclosure
CVSS 7.5
CVE-2021-25466 MEDIUM
Samsung Internet < 15.0.2.47 - Man-in-the-Middle Attack via Improper Scheme Check
CVSS 6.5
CVE-2021-25451 LOW
NetworkPolicyManagerService < SMR Sep-2021 Release 1 - Info Disclosure
CVSS 3.3
CVE-2021-39296 CRITICAL
OpenBMC 2.9 - Improper Authentication via Crafted IPMI Messages
CVSS 10.0
CVE-2021-28495 HIGH
Arista Metamako OS <=0.26.6, 0.31.1 - Unauthenticated Auth Bypass via JSON-RPC API
CVSS 7.2
CVE-2021-28494 CRITICAL
Arista Metamako Operating System < 0.34.0 - Unauthenticated Authentication Bypass via Web UI
CVSS 9.6
CVE-2021-28493 HIGH
Arista Metamako Operating System < 0.32.0 - Improper Authentication
CVSS 8.4
CVE-2021-34786 MEDIUM
Cisco BroadWorks CommPilot Application Software 22.0-22.0.2021.09 - Authenticated Unverified Password Change
CVSS 6.5
CVE-2021-34785 MEDIUM
Cisco BroadWorks CommPilot 22.0-22.0.2021.09 Arbitrary Account Deletion & Privilege Escalation
CVSS 6.5
CVE-2021-30605 HIGH
ChromeOS Readiness Tool <1.0.2.0 - Privilege Escalation
CVSS 7.8
CVE-2021-30702 MEDIUM
macOS 10.14-10.14.4 and 11.0-11.3 - Unauthenticated Login Window Bypass
CVSS 4.6
CVE-2021-30668 MEDIUM
macOS Big Sur <11.4 - Privilege Escalation
CVSS 4.6
CVE-2021-30667 MEDIUM
iPadOS < 14.6 - Authentication Downgrade via WiFi
CVSS 5.4
CVE-2021-1863 LOW
iPadOS < 14.5 - Improper Authentication via NFC Tag Action
CVSS 2.4
CVE-2021-30770 MEDIUM
iPhone OS < 14.7 - Kernel Memory Mitigation Bypass
CVSS 5.5
CVE-2021-30769 MEDIUM
iPhone OS < 14.7 - Pointer Authentication Bypass via Logic Issue
CVSS 5.5
CVE-2021-30720 MEDIUM
tvOS < 14.6, iPadOS < 14.6, Safari < 14.1.1, macOS < 11.4, watchOS < 7.5 - SSRF
CVSS 5.4
CVE-2021-39196 HIGH
pcapture < 3.12 - Authenticated Unauthorized Packet Capture via REST API
CVSS 7.7
CVE-2021-34746 CRITICAL
Cisco Enterprise NFV Infrastructure Software < 4.6.1 - Authentication Bypass via TACACS+ Input Injection
CVSS 9.8
CVE-2021-40350 CRITICAL
Christie Digital DWU850-GS V06.46 - Auth Bypass
CVSS 9.8
CVE-2021-22002 CRITICAL
VMware Workspace ONE Access/Identity Manager - Unauthenticated Diagnostic Endpoint Access via Host Header Tampering
CVSS 9.8
CVE-2021-22943 CRITICAL
UniFi Protect <1.19.0 - Privilege Escalation
CVSS 9.6
CVE-2021-34578 CRITICAL
WAGO 750 Series Firmware < FW07 - Unauthenticated Settings Parameter Read/Write
CVSS 9.8
CVE-2021-39177 HIGH
Geyser < 1.4.2-SNAPSHOT - Unauthenticated User Impersonation via Forged JWT Token
CVSS 7.4
CVE-2021-37417 CRITICAL
Zoho ManageEngine ADSelfService Plus < 6.1 - CAPTCHA Bypass via Improper Parameter Validation
CVSS 9.8
Details
Vulnerabilities 4,371
Exploit Likelihood High