CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-36370 HIGH
Midnight Commander <4.8.26 - Info Disclosure
CVSS 7.5
CVE-2021-32967 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - Privilege Escalation
CVSS 9.8
CVE-2021-22025 HIGH
VMware vRealize Operations Manager 8.0.0-8.4.x - Unauthenticated API Access via Broken Access Control
CVSS 7.5
CVE-2021-39165 HIGH
Cachet <= 2.3.18 - Unauthenticated SQL Injection via SearchableTrait
CVSS 8.1
CVE-2021-32648 HIGH KEV
October CMS < 1.1.5 and System < 1.0.472 - Authentication Bypass via Password Reset
CVSS 8.2
CVE-2021-29487 HIGH
October CMS 1.0.471 - Unauthenticated Authentication Bypass via Crafted Request
CVSS 7.4
CVE-2021-30867 MEDIUM
iPadOS < 15.0 - Unauthenticated Photo Metadata Access
CVSS 5.5
CVE-2021-37597 CRITICAL
WP Cerber < 8.9.3 - Multi-Factor Authentication Bypass via wordpress_logged_in_[hash] Manipulation
CVSS 9.8
CVE-2021-39138 MEDIUM
parse-server < 4.5.1 - Improper Authentication via Incorrect Session Creation
CVSS 4.8
CVE-2021-1561 MEDIUM
Cisco Secure Email and Web Manager < 14.1 - Authenticated Spam Quarantine Access Control Bypass
CVSS 5.4
CVE-2021-3458 MEDIUM
Motorola MM1000 Firmware - Unauthenticated Adapter Settings Modification
CVSS 6.1
CVE-2021-24527 CRITICAL
Profile Builder < 3.4.9 - Unauthenticated Admin Password Reset via Reset Key Bypass
CVSS 9.8
CVE-2021-36949 HIGH
Microsoft Azure Active Directory Connect 1.3.20.0-1.6.11.3 - Authentication Bypass
CVSS 7.1
CVE-2021-36921 HIGH
AIMANAGER < b115 - Improper Authentication via Authentication Response Tampering
CVSS 8.8
CVE-2021-27794 HIGH
Brocade Fabric OS <v.9.0.1a,v8.2.3a,v7.4.2h - Auth Bypass
CVSS 7.8
CVE-2021-3046 MEDIUM
Palo Alto Networks PAN-OS 8.1.0-8.1.18 - Authenticated User Impersonation via SAML Authentication
CVSS 6.8
CVE-2021-37172 HIGH
SIMATIC S7-1200 CPU Firmware V4.5.0 - Improper Authentication via TIA Portal V13
CVSS 7.5
CVE-2021-21564 CRITICAL
Dell OpenManage Enterprise < 3.6.1 - Unauthenticated Session Hijack via Malformed Data
CVSS 9.8
CVE-2021-20598 MEDIUM
Mitsubishi Electric MELSEC iQ-R - Info Disclosure
CVSS 5.3
CVE-2021-37545 HIGH
JetBrains TeamCity < 2021.1.1 - Improper Authentication for Agent Requests
CVSS 7.5
CVE-2021-32579 HIGH
Acronis True Image - Unauthenticated API Tampering via Micro-Service
CVSS 7.8
CVE-2021-25445 MEDIUM
Samsung Internet <14.2 - Info Disclosure
CVSS 5.3
CVE-2021-3636 MEDIUM
OpenShift < 4.8 - Improper Certificate Validation in Service CA
CVSS 4.6
CVE-2021-21538 CRITICAL
Dell EMC iDRAC9 4.40.00.00-4.40.10.00 - Unauthenticated Improper Authentication
CVSS 9.6
CVE-2021-32794 MEDIUM
ArchiSteamFarm < 5.1.2.4 - Improper Authentication via IPC Password Removal
CVSS 6.8