CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-17523 CRITICAL
Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request
CVSS 9.8
CVE-2020-15835 CRITICAL
Mofi Network MOFI4500-4GXeLTE 4.1.5-std - Improper Authentication via Undocumented Root Access
CVSS 9.8
CVE-2020-13859 CRITICAL
Mofi Network MOFI4500-4GXeLTE 4.0.8-std - Unauthenticated Login via Forgotten-Password Feature Abuse
CVSS 9.8
CVE-2020-28874 HIGH
ProjectSend < r1295 - Unauthenticated Password Reset via Invalid Token Handling
CVSS 7.5
CVE-2020-4983 HIGH
IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 - Authenticated Remote Code Execution via Job Submission
CVSS 7.8
CVE-2020-27266 MEDIUM
SOOIL Developments Co., Ltd Diabecare RS - Auth Bypass
CVSS 6.5
CVE-2020-24641 HIGH
Aruba AirWave Glass < 1.3.3 - Unauthenticated Server-Side Request Forgery
CVSS 7.5
CVE-2020-27488 CRITICAL
Loxone Miniserver < 11.1 - Info Disclosure
CVSS 9.8
CVE-2020-5686 HIGH
UNIVERGE SV9500/SV8500 - Info Disclosure
CVSS 7.5
CVE-2020-5633 CRITICAL
NEC Baseboard Management Controller < 1.09 - Improper Authentication
CVSS 9.8
CVE-2020-36176 HIGH
iThemes Security < 7.7.0 - Improper Authentication via Password Change Bypass
CVSS 7.5
CVE-2020-35219 CRITICAL
ASUS DSL-N17U Firmware 1.1.0.2 - Unauthenticated Admin Password Change via Advanced_System_Content.asp
CVSS 9.8
CVE-2020-25848 CRITICAL
HGiga MailSherlock < 4.5 - Unauthenticated Privilege Escalation via Default Password Mechanism
CVSS 9.8
CVE-2020-35785 HIGH
NETGEAR DGN2200v1 < 1.0.0.60 - Improper Authentication
CVSS 8.3
CVE-2020-9207 HIGH
Huawei CloudEngine Firmware - Improper Authentication via Malicious File Bypass
CVSS 7.8
CVE-2020-26030 CRITICAL
Zammad < 3.4.1 - Authentication Bypass via SSO Endpoint Header
CVSS 9.8
CVE-2020-24675 CRITICAL
ABB Symphony+ Historian and Operations - Unauthenticated Arbitrary Value Injection to Process Control
CVSS 9.8
CVE-2020-24579 HIGH
D-Link DSL-2888A < AU_2.31_V1.1.47ae55 - Auth Bypass
CVSS 8.8
CVE-2020-27254 HIGH
Emerson Rosemount X-STREAM - Info Disclosure
CVSS 7.5
CVE-2020-27780 CRITICAL
Linux-PAM < 1.5.1 - Improper Authentication for Non-Existing Users with Empty Passwords
CVSS 9.8
CVE-2020-8465 CRITICAL
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Authentication Bypass via System Update Manipulation
CVSS 9.8
CVE-2020-27199 HIGH
Magic Home Pro 1.5.1 - Authentication Bypass via Username Enumeration
CVSS 7.5
CVE-2020-4747 CRITICAL
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 - Improper Authentication
CVSS 9.8
CVE-2020-0460 HIGH
Android 11 - Improper Certificate Installation leading to Remote Information Disclosure
CVSS 7.5
CVE-2020-25183 HIGH
Medtronic MyCareLink Smart Model 25000 Firmware - Authentication Bypass via Bluetooth Communication
CVSS 8.0