CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-34676 HIGH
NEX-Forms < 7.8.7 - Authentication Bypass via Excel Report Generation
CVSS 7.5
CVE-2021-34675 HIGH
NEX-Forms < 7.8.7 - Authentication Bypass for Stored PDF Reports
CVSS 7.5
CVE-2021-35964 HIGH
Orca HCM < 10.0 - Unauthenticated Improper Authentication
CVSS 7.3
CVE-2021-34690 CRITICAL
iDrive RemotePC < 7.6.48 - Unauthenticated Authentication Bypass via TCP Ports 5970 and 5980
CVSS 9.8
CVE-2021-21994 CRITICAL
VMware ESXi - Authentication Bypass via SFCB Request
CVSS 9.8
CVE-2021-20593 HIGH
Mitsubishi Air Conditioning System/Centralized Controllers - Incorrect Implementation of Authentication Algorithm
CVSS 7.1
CVE-2021-32726 HIGH
Nextcloud Server < 19.0.13, 20.0.11, 21.0.3 - Info Disclosure
CVSS 7.1
CVE-2021-26088 HIGH
Fortinet Single Sign-On < 6.4.6 - Unauthenticated Authentication Bypass via UDP Login Notification Packets
CVSS 7.1
CVE-2021-32753 HIGH
EdgeX Foundry 1.0.0-2.0.0 - OAuth2 Token Brute-Force via Proxy User Credential Exposure
CVSS 8.3
CVE-2021-25442 HIGH
Samsung Knox Cloud Services < 1.39 - Improper Privilege Management in KME Module
CVSS 7.5
CVE-2021-25430 MEDIUM
Bluetooth App < SMR July-2021 Release 1 - Info Disclosure
CVSS 4.3
CVE-2021-20776 CRITICAL
SCT-40CM01SR/AT-40CM01SR - Command Injection
CVSS 9.8
CVE-2021-32738 MEDIUM
js-stellar-sdk < 8.2.3 - Improper Authentication in Utils.readChallengeTx
CVSS 6.5
CVE-2021-35029 CRITICAL
Zyxel USG/Zywall Series Firmware 4.35-4.64 - Authentication Bypass
CVSS 9.8
CVE-2021-30648 CRITICAL
Symantec ProxySG 6.5-<6.5.10.16 and Advanced Secure Gateway 6.6-<6.7.4.17 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2021-33539 HIGH
Weidmueller Industrial WLAN - Auth Bypass
CVSS 7.2
CVE-2021-33895 HIGH
ETINET BACKBOX E4.09 and H4.09 - Improper Authentication via User ID Mismanagement
CVSS 8.1
CVE-2021-21998 CRITICAL
VMware Carbon Black App Control 8.0-8.1, 8.5-8.5.8, 8.6-8.6.2 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2021-20737 MEDIUM
GROWI < 4.2.20 - Unauthenticated Unauthorized Page Access
CVSS 6.5
CVE-2021-32693 MEDIUM
Symfony 5.3.0-5.3.2 - Improper Authentication via Firewall Token Sharing
CVSS 6.8
CVE-2021-32691 HIGH
Apollos Apps < 2.20.0 - Info Disclosure
CVSS 8.8
CVE-2021-1571 HIGH
Cisco Small Business 220 Series Smart Switches < 1.2.0.6 - Improper Authentication
CVSS 7.2
CVE-2021-1543 HIGH
Cisco Small Business 220 Series Smart Switches < 1.2.0.6 - Improper Authentication
CVSS 7.2
CVE-2021-1542 HIGH
Cisco Small Business 220 Series Smart Switches < 1.2.0.6 - Improper Authentication
CVSS 7.2
CVE-2021-1541 HIGH
Cisco Small Business 220 Series Smart Switches - Improper Authentication
CVSS 7.2