CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-3153 MEDIUM
HashiCorp Terraform Enterprise < 202102-2 - Improper Authentication via Organization-Level MFA Bypass
CVSS 6.5
CVE-2021-25368 LOW
Samsung Cloud <4.7.0.3 - Info Disclosure
CVSS 3.3
CVE-2021-22496 HIGH
Micro Focus Access Manager <4.5.3.3 - Auth Bypass
CVSS 7.5
CVE-2021-26070 HIGH
Atlassian Jira Server/Data Center <8.13.3, 8.14.0-8.14.1 Broken Authentication
CVSS 7.2
CVE-2021-24148 CRITICAL
MStore API < 3.2.0 - Unauthenticated Authentication Bypass via Sign In With Apple
CVSS 9.8
CVE-2021-22860 CRITICAL
EIC e-document system - Info Disclosure
CVSS 9.8
CVE-2021-20018 MEDIUM
SonicWall SMA100 < 10.2.0.5 - Authenticated Configuration Export to Arbitrary Email
CVSS 4.9
CVE-2021-21378 HIGH
Envoy - Authentication Bypass
CVSS 8.2
CVE-2021-21335 MEDIUM
spnego_http_authentication_module < 1.1.1 - Authentication Bypass via Malformed Username
CVSS 5.3
CVE-2021-21329 HIGH
RATCF < 2021-02-26 - Improper Authentication via Multi-Factor Authentication Bypass
CVSS 8.7
CVE-2021-25347 MEDIUM
Samsung Email <SMR Feb-2021 Release 1 - Info Disclosure
CVSS 5.3
CVE-2021-25343 MEDIUM
Samsung Members <2.4.81.13-3.8.00.13 - DoS
CVSS 4.0
CVE-2021-25342 MEDIUM
Samsung Members < 2.4.81.13 - Improper Authentication via Non-Existent Provider Call
CVSS 4.0
CVE-2021-25341 MEDIUM
Samsung S Assistant < 6.5.01.22 - Unauthenticated Denial of Service via Provider Hijacking
CVSS 4.0
CVE-2021-25315 CRITICAL
SUSE Linux Enterprise Server 15 SP 3 - Auth Bypass
CVSS 9.8
CVE-2021-21513 HIGH
Dell OpenManage Server Administrator < 9.4.0.3 - Unauthenticated Authentication Bypass via Distributed Web Server
CVSS 8.6
CVE-2021-3332 MEDIUM
WPS Hide Login 1.6.1 - Unauthenticated Protection Mechanism Bypass via post_password
CVSS 5.3
CVE-2021-25281 CRITICAL
SaltStack Salt < 3002.5 - Unauthenticated Remote Command Execution via wheel_async Client
CVSS 9.8
CVE-2021-21308 MEDIUM
PrestaShop <1.7.2 - Privilege Escalation
CVSS 6.1
CVE-2021-3339 MEDIUM
Microsoft ModernFlow < 1.3.00.208 - Unauthenticated Improper Authentication
CVSS 4.3
CVE-2021-22858 HIGH
changjia_property_management_system - Improper Authentication
CVSS 8.8
CVE-2021-21502 CRITICAL
Dell PowerScale OneFS 8.1.0-9.1.0 - Authenticated SSH Key Use Past Account Expiration
CVSS 9.8
CVE-2021-26905 MEDIUM
1Password SCIM Bridge < 1.6.2 - Authenticated TLS Private Key Disclosure via Log File Request
CVSS 6.5
CVE-2021-3282 HIGH
HashiCorp Vault Enterprise <1.6.2 - Privilege Escalation
CVSS 7.5
CVE-2021-25910 HIGH
ZIV AUTOMATION 4CCT-EA6-334126BF - Improper Authentication via Cookie Parameter
CVSS 8.0