CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-27610 CRITICAL
SAP NetWeaver ABAP Server/ABAP Platform - Info Disclosure
CVSS 9.8
CVE-2021-24359 MEDIUM
The Plus Addons for Elementor Page Builder < 4.1.11 - Improper Access Control in Password Reset
CVSS 5.3
CVE-2021-22764 MEDIUM
PowerLogic - Improper Authentication
CVSS 5.3
CVE-2021-25424 HIGH
Tizen bluetooth-frwk <JUN-2021 - Privilege Escalation
CVSS 8.8
CVE-2021-25389 LOW
S Secure <SMR MAY-2021 Release 1 - Privilege Escalation
CVSS 2.3
CVE-2021-34546 MEDIUM
NetSetMan < 5.0 - Unauthenticated Privilege Escalation via Save Log Feature
CVSS 6.8
CVE-2021-23847 CRITICAL
Bosch CPP6, CPP7, CPP7.3 <7.80 B128 - Unauthenticated Info Exposure & Settings Modification
CVSS 9.8
CVE-2021-31251 CRITICAL
Chiyu-tech BF-430/431/450M and SEMAC Firmware - Authentication Bypass via Malformed Telnet Request
CVSS 9.8
CVE-2021-3424 MEDIUM
Red Hat Single Sign-On 7.4 - IDN Homograph Attack via User Registration
CVSS 5.3
CVE-2021-32646 MEDIUM
dav-cogs < 1.0.1 - Unauthenticated Permission Escalation via Private Voice Channel Takeover
CVSS 5.3
CVE-2021-32637 CRITICAL
Authelia 4.0.0-4.25.0 and 4.0.0-alpha1-4.29.2 - Authentication Bypass via Malformed HTTP Request
CVSS 10.0
CVE-2021-20278 MEDIUM
Kiali < 1.31.0 - Authentication Bypass via OpenID Implicit Flow
CVSS 6.5
CVE-2021-32543 MEDIUM
sysjust cts_web < 2021.3.24 - Improper Authentication via Cookie Manipulation
CVSS 6.5
CVE-2021-32541 MEDIUM
sysjust cts_web < 2021.3.24 - Unauthenticated Denial of Service via Forced Session Termination
CVSS 5.3
CVE-2021-31924 MEDIUM
Yubico pam-u2f < 1.1.1 - Local PIN Bypass via NULL PIN Submission
CVSS 6.8
CVE-2021-27734 CRITICAL
Hirschmann HiOS <8.5.xx - Privilege Escalation
CVSS 9.8
CVE-2021-29047 HIGH
Liferay Portal 7.3.4-7.3.5 and DXP < 7.3.10.fp1 - Improper Authentication via SimpleCaptcha Reuse
CVSS 7.5
CVE-2021-22155 HIGH
BlackBerry Workspaces Server <= 9.1 - Authentication Bypass in SAML Authentication
CVSS 8.8
CVE-2021-23008 CRITICAL
BIG-IP APM <15.1.3,14.1.4,13.1.4,12.1.6,16.0.x,11.6.x - Auth Bypass
CVSS 9.8
CVE-2021-31520 HIGH
Trend Micro IM Security 1.6 and 1.6.5 - Weak Session Token Authentication Bypass
CVSS 8.1
CVE-2021-26077 HIGH
Atlassian Connect Spring Boot 1.1.0-2.1.3 and 2.1.4-2.1.5 - Improper Authentication via Context JWT Acceptance
CVSS 8.8
CVE-2021-28152 CRITICAL
Hongdian H8922 3.0.5 - Privilege Escalation
CVSS 9.8
CVE-2021-32030 CRITICAL KEV
ASUS GT-AC2900 & Lyra Mini <3.0.0.4.386.42643/<3.0.0.4.384.46630 - Auth Bypass via Null Byte
CVSS 9.8
CVE-2021-31245 MEDIUM
openmptcprouter < 0.57.3 - Timing Attack via Password Length Comparison
CVSS 5.9
CVE-2021-1468 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Improper Authentication
CVSS 9.8