CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-8272 HIGH
Citrix SD-WAN Center <11.2.2-10.2.8 - Auth Bypass
CVSS 7.5
CVE-2020-28638 CRITICAL
Tomb 2.0-2.7 - Improper Authentication via Pinentry-Curses Display Handling
CVSS 9.8
CVE-2020-25165 HIGH
BD Alaris PC Unit and Alaris Systems Manager - Denial of Service via Network Session Authentication Bypass
CVSS 7.5
CVE-2020-2050 HIGH
PAN-OS 8.1.0-8.1.16 - Unauthenticated Authentication Bypass in GlobalProtect SSL VPN
CVSS 8.2
CVE-2020-26168 CRITICAL
Hazelcast IMDG Enterprise 4.0-4.0.2 and Jet Enterprise 4.0-4.2 - LDAP Authentication Bypass
CVSS 9.8
CVE-2020-26542 CRITICAL
Percona Server < 2020-10-02 - Improper Authentication via Blank Password in Simple LDAP Plugin
CVSS 9.8
CVE-2020-23139 MEDIUM
Microweber 1.1.18 - Privilege Escalation
CVSS 5.5
CVE-2020-26214 CRITICAL
Alerta < 7.5.7 and 8.0.0-8.1.0 - Authentication Bypass via Empty LDAP Password
CVSS 9.1
CVE-2020-25592 CRITICAL
SaltStack Salt - Improper Authentication Bypass via eauth Credential Validation
CVSS 9.8
CVE-2020-17510 CRITICAL
Apache Shiro < 1.7.0 - Authentication Bypass via Crafted HTTP Request
CVSS 9.8
CVE-2020-8267 MEDIUM
UniFi Protect <1.14.11 - Auth Bypass
CVSS 5.3
CVE-2020-12145 MEDIUM
Silver Peak Unity Orchestrator < 8.9.11+ - Improper Authentication via HTTP Host Header
CVSS 6.6
CVE-2020-15949 HIGH
Immuta 2.8.2 - User Account Takeover via Insecure Permissions
CVSS 7.5
CVE-2020-8236 MEDIUM
Nextcloud Server 19.0.1 - Info Disclosure
CVSS 6.8
CVE-2020-28002 MEDIUM
SonarQube 8.4.2.36762 - Unauthenticated Authentication Bypass via SonarScanner Empty Login
CVSS 5.3
CVE-2020-5425 HIGH
VMware Tanzu <1.11.3, <1.12.x -1.12.4, <1.13.x-1.13.1 - User Impers...
CVSS 7.9
CVE-2020-7197 CRITICAL
HPE StoreServ Management Console < 3.7.1.1 - Remote Authentication Bypass
CVSS 9.8
CVE-2020-24848 HIGH
FruityWifi < 2.4 - Local Privilege Escalation via Unsafe Sudo Configuration
CVSS 7.8
CVE-2020-3565 MEDIUM
Cisco Firepower Threat Defense < 6.4.0.8 - Unauthenticated Access Control Bypass via TCP Intercept
CVSS 5.8
CVE-2020-3410 HIGH
Cisco Firepower Management Center - Auth Bypass
CVSS 8.1
CVE-2020-15240 HIGH
omniauth-auth0 <2.4.1 - Auth Bypass
CVSS 7.4
CVE-2020-15269 HIGH
Spree <3.7.11, <4.0.4, <4.1.11 - Info Disclosure
CVSS 7.4
CVE-2020-24629 CRITICAL
HPE Intelligent Management Center <PLAT 7.3 - Auth Bypass
CVSS 9.8
CVE-2020-14299 MEDIUM
JBoss Enterprise Application Platform < 5.0.3 - Authentication Bypass via Legacy SecurityRealm Configuration
CVSS 6.5
CVE-2020-7591 HIGH
SIPORT MP < 3.2.1 - Authenticated User Impersonation via Single Sign-On Feature
CVSS 8.8