CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2021-26117 HIGH
Apache ActiveMQ 5.15.0-5.15.13 and 5.16.0 - Improper Authentication via LDAP Anonymous Bind
CVSS 7.5
CVE-2021-3297 HIGH
Zyxel NBG2105 V1.00(AAGU.2)C0 - Privilege Escalation
CVSS 7.8
CVE-2021-25863 HIGH
Open5GS 2.1.3 - Improper Authentication via Default Admin Credentials
CVSS 8.8
CVE-2021-22171 HIGH
GitLab 11.5.0-13.5.5 - API Token Theft via Malicious Link
CVSS 7.3
CVE-2021-1725 MEDIUM
Bot Framework SDK - Information Disclosure via Improper Authentication
CVSS 5.5
CVE-2020-9250 LOW
Huawei Mate 20 Pro Firmware - Unauthenticated Insufficiently Protected Credentials via Crafted Software Package
CVSS 3.3
CVE-2020-36832 CRITICAL
Ultimate Membership Pro <8.6 - Auth Bypass
CVSS 9.8
CVE-2020-18305 HIGH
Extreme Networks EXOS <v.22.7 & <v.30.2 - Info Disclosure
CVSS 8.0
CVE-2020-20402 HIGH
portfolioCMS v1.05 - Improper Authentication via Session Fixation
CVSS 7.5
CVE-2020-22657 CRITICAL
Ruckus APs and SmartZone Controllers - Web GUI Authentication Bypass
CVSS 9.1
CVE-2020-36569 CRITICAL
golang-nanoauth - Authentication Bypass via Empty Token
CVSS 9.1
CVE-2020-11101 CRITICAL
Sierra Wireless AirLink Mobility Manager <2.17 - Privilege Escalation
CVSS 9.8
CVE-2020-36548 MEDIUM
GE Voluson S8 Firmware - Improper Authentication via users.cgi
CVSS 5.9
CVE-2020-36533 LOW
Klapp App - Weak Authentication in JSON Web Token Handler
CVSS 3.7
CVE-2020-36528 MEDIUM
Platinum Mobile 1.0.4.850 - Authenticated Broken Access Control in MobileHandler.ashx
CVSS 5.5
CVE-2020-14504 MEDIUM
1734-AENTR Series B/C Firmware 4.001-4.004 - Unauthenticated Config Modification via HTTP POST
CVSS 5.3
CVE-2020-25719 HIGH
Samba 4.0.0-4.13.14 - Improper Authentication via Kerberos PAC Handling
CVSS 7.2
CVE-2020-4879 CRITICAL
IBM Cognos Controller 10.4.0-10.4.2 - Improper Authentication via Cookie Validation Bypass
CVSS 9.8
CVE-2020-23058 MEDIUM
Nong Ge File Explorer <1.4 - Info Disclosure
CVSS 4.6
CVE-2020-11301 CRITICAL
Qualcomm APQ8009 and other Firmware - Information Disclosure via Unencrypted Wi-Fi Frame Authentication
CVSS 9.1
CVE-2020-11264 CRITICAL
Qualcomm APQ8053 Firmware - Improper Authentication of Non-EAPOL/WAPI Frames
CVSS 9.1
CVE-2020-16839 HIGH
Crestron DM-NVX-DIR Firmware - Unauthenticated Password Change via WebSocket Request
CVSS 7.5
CVE-2020-21932 MEDIUM
Motorola CX2 Firmware CX 1.0.2 Build 20190508 Rel.97360n - Improper Authentication via Login Bypass
CVSS 5.3
CVE-2020-4821 CRITICAL
IBM InfoSphere Data Replication 11.4 / CDC z/OS 10.2.1 - Authentication Bypass via Empty Password
CVSS 9.8
CVE-2020-19037 MEDIUM
Halo 0.4.3 - Incorrect Access Control via Cookie Manipulation
CVSS 5.3