CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-8350 HIGH
Lenovo ThinkPad Stack Wireless Router <1.1.3.4 - Privilege Escalation
CVSS 8.8
CVE-2020-9109 MEDIUM
HUAWEI Mate 20, Mate 20 X, P30 Pro, Laya-AL00EP, Tony-AL00B, Tony-TL00B < 10.1.0.160 - Information Disclosure
CVSS 4.6
CVE-2020-4779 HIGH
IBM Curam Social Program Management 7.0.9-7.0.10 - HTTP Verb Tampering
CVSS 8.1
CVE-2020-26921 HIGH
NETGEAR GS110EMX/GS810EMX/XS512EM/XS724EM Firmware - Unauthenticated Authentication Bypass
CVSS 8.3
CVE-2020-15243 CRITICAL
Smartstore 4.0.0-4.0.1 - Improper Authentication via Web API Plugin
CVSS 9.1
CVE-2020-10816 HIGH
Zoho ManageEngine Apps Mgr <14780 - RCE
CVSS 7.5
CVE-2020-25867 MEDIUM
soplanning < 1.47 - Unauthenticated Access via Security Key Bypass
CVSS 5.3
CVE-2020-12126 CRITICAL
WAVLINK WN530H4 M30H4.V5030.190403 - Unauthenticated Authentication Bypass via /cgi-bin/ Endpoint
CVSS 9.8
CVE-2020-26511 HIGH
wpo365-login < 11.7 - Authentication Bypass via Symmetric JWT Decryption
CVSS 7.5
CVE-2020-26160 HIGH
jwt-go < 4.0.0-preview1 - Improper Audience Claim Validation
CVSS 7.5
CVE-2020-24563 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2020-26105 CRITICAL
cPanel < 88.0.3 - Improper Authentication via Insecure chkservd Test Credentials
CVSS 9.8
CVE-2020-26101 CRITICAL
cPanel < 88.0.3 - Improper Authentication via Insecure RNDC Credentials
CVSS 9.8
CVE-2020-15222 HIGH
ORY Fosite <0.31.0 - Info Disclosure
CVSS 8.1
CVE-2020-8253 HIGH
Citrix XenMobile <10.12 - Info Disclosure
CVSS 7.5
CVE-2020-8200 MEDIUM
Citrix StoreFront Server < 1912.0.1000 - Info Disclosure
CVSS 6.5
CVE-2020-7297 MEDIUM
McAfee Web Gateway 7.8.0-7.8.2.22 - Authenticated Privilege Escalation via User Interface
CVSS 5.7
CVE-2020-7296 MEDIUM
McAfee Web Gateway 7.8.0-7.8.2.23 - Authenticated Privilege Escalation via User Interface
CVSS 5.7
CVE-2020-7295 LOW
McAfee Web Gateway 7.8.0-7.8.2.23 - Authenticated Privilege Escalation via Log Data Access Controls
CVSS 3.5
CVE-2020-7294 MEDIUM
McAfee Web Gateway 7.8.0-7.8.2.23 - Authenticated Privilege Escalation via REST Interface
CVSS 4.6
CVE-2020-7293 CRITICAL
McAfee Web Gateway 7.8.0-7.8.2.23 - Authenticated Privilege Escalation via User Interface
CVSS 9.0
CVE-2020-16098 CRITICAL
Gallagher Command Centre < 8.00.1228 - Missing Authentication
CVSS 9.8
CVE-2020-13303 HIGH
GitLab <13.1.10-13.3.4 - Info Disclosure
CVSS 7.1
CVE-2020-15802 MEDIUM
Bluetooth Core Specification < 5.1 - Unauthenticated Man-in-the-Middle via Cross Transport Key Derivation
CVSS 5.9
CVE-2020-16222 HIGH
Philips Patient Information Center iX and PerformanceBridge Focal Point - Improper Authentication
CVSS 8.8