CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-21544 LOW
Dell EMC iDRAC9 < 4.40.00.00 - Authenticated Username Manipulation via Comment Section
CVSS 2.7
CVE-2021-27651 CRITICAL
Pega Infinity 8.2.1-8.5.2 - Authentication Bypass via Password Reset
CVSS 9.8
CVE-2021-20092 HIGH
Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware - Unauthenticated Sensitive Information Exposure
CVSS 7.5
CVE-2021-25147 HIGH
Aruba AirWave <8.2.12.1 - Auth Bypass
CVSS 8.1
CVE-2021-23365 MEDIUM
tyk-identity-broker < 1.1.1 - Authentication Bypass via Go XML Parser
CVSS 4.8
CVE-2021-22893 CRITICAL KEV
Pulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
CVSS 10.0
CVE-2021-20590 HIGH
GOT2000/GOT SIMPLE <1.40 - Auth Bypass
CVSS 7.5
CVE-2021-26074 MEDIUM
Atlassian Connect Spring Boot 1.1.0-2.1.2 - Improper Authentication via Context JWT Acceptance
CVSS 6.5
CVE-2021-26073 HIGH
atlassian-connect-express 3.0.2-6.5.9 - Improper Authentication via Context JWT Acceptance
CVSS 7.7
CVE-2021-20288 HIGH
Ceph < 14.2.20 - Authentication Bypass via Key Reuse
CVSS 7.2
CVE-2021-27990 HIGH
Appspace 6.2.4 - Improper Authentication via Direct Page Access
CVSS 7.5
CVE-2021-21399 CRITICAL
Ampache < 4.4.1 - Unauthenticated Access Control Bypass via Subsonic API
CVSS 9.1
CVE-2021-22497 LOW
Advanced Authentication <6.3 SP4 - Auth Bypass
CVSS 3.8
CVE-2021-20020 CRITICAL
SonicWall GMS 9.3 - Unauthenticated Command Execution
CVSS 9.8
CVE-2021-25377 LOW
Samsung Experience Service <12.2.0.5 - Privilege Escalation
CVSS 3.3
CVE-2021-22507 CRITICAL
Micro Focus Operations Bridge Manager <2020.10 - Auth Bypass
CVSS 9.8
CVE-2021-27522 HIGH
Learnsite 1.2.5.0 - Privilege Escalation
CVSS 8.8
CVE-2021-28174 MEDIUM
Mitake Smart Stock Selection System - Auth Bypass
CVSS 6.5
CVE-2021-1472 MEDIUM
Cisco RV Series Firmware - Unauthenticated RCE and Auth Bypass
CVSS 5.3
CVE-2021-30158 MEDIUM
MediaWiki <1.35.2 - Info Disclosure
CVSS 5.3
CVE-2021-24175 CRITICAL
The Plus Addons for Elementor < 4.1.7 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2021-29012 CRITICAL
DMA Softlab Radius Manager 4.4.0 - Improper Authentication via Static Session Cookie
CVSS 9.8
CVE-2021-23923 HIGH
Devolutions Server < 2020.3 - Broken Authentication with Windows Domain Users
CVSS 8.1
CVE-2021-21982 CRITICAL
VMware Carbon Black Cloud Workload < 1.0.1 - Authentication Bypass
CVSS 9.1
CVE-2021-21403 HIGH
kongchuanhujiao < 1.3.21 - Authentication Bypass
CVSS 7.5