CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-25251 CRITICAL
Hyland OnBase < 16.0.2.83, <= 17.0.2.109, <= 18.0.0.37, <= 19.8.16.1000, <= 20.3.10.1000 - Improper Authentication
CVSS 9.1
CVE-2020-15787 CRITICAL
SIMATIC HMI Unified Comfort Panels <= V16 - Info Disclosure
CVSS 9.8
CVE-2020-7323 MEDIUM
McAfee Endpoint Security < 10.7.0 - Authentication Bypass via Windows Lock Screen Detection Event
CVSS 6.9
CVE-2020-24987 CRITICAL
Tenda AC18 Firmware < v15.03.05.05_en - Remote Code Execution via Radius Authentication Bypass
CVSS 9.8
CVE-2020-24029 CRITICAL
ForLogic Qualiex v1/v3 - Info Disclosure
CVSS 9.8
CVE-2020-5777 CRITICAL
MAGMI < 0.7.24 - Unauthenticated Authentication Bypass via Database Connection Failure
CVSS 9.8
CVE-2020-24786 CRITICAL
ManageEngine ADSelfService Plus < 5817 - Authentication Bypass via UpdateProductDetails Servlet
CVSS 9.8
CVE-2020-8097 HIGH
Bitdefender Endpoint Security <6.6.18.261 - Privilege Escalation
CVSS 8.1
CVE-2020-15164 CRITICAL
Scratch Login <1.1 - Info Disclosure
CVSS 10.0
CVE-2020-15605 HIGH
Trend Micro Deep Security Manager - Authentication Bypass
CVSS 8.1
CVE-2020-15601 HIGH
Trend Micro Deep Security 10.x-12.x - Unauthenticated LDAP Authentication Bypass
CVSS 8.1
CVE-2020-4167 MEDIUM
IBM Security Guardium Insights 2.0.1 - Improper Authentication
CVSS 6.5
CVE-2020-3151 MEDIUM
Cisco Connected Mobile Experiences - Authenticated Restricted Shell Escape via CLI Command Injection
CVSS 6.7
CVE-2020-15482 HIGH
Niscomed M1000 Firmware - Unauthenticated Cleartext Transmission of Sensitive Information via Telnet
CVSS 7.8
CVE-2020-16251 HIGH
HashiCorp Vault 0.8.3-1.2.4 - Authentication Bypass via GCP GCE Auth Method
CVSS 8.2
CVE-2020-24612 MEDIUM
selinux-policy <2020-08-24 - Privilege Escalation
CVSS 6.7
CVE-2020-19888 MEDIUM
DBHcms 1.2.0 - Unauthenticated Unauthorized Cache Clearing via page.php
CVSS 5.9
CVE-2020-10123 MEDIUM
NCR SelfServ APTRA XFS <05.01.00 - Privilege Escalation
CVSS 5.3
CVE-2020-16239 MEDIUM
Philips SureSigns VS4 Firmware < a.07.107 - Improper Authentication
CVSS 4.9
CVE-2020-15149 CRITICAL
NodeBB <1.14.3 - Privilege Escalation
CVSS 9.9
CVE-2020-3411 HIGH
Cisco Catalyst Center 1.3-1.3.1.3 - Unauthenticated Sensitive Information Disclosure via Authentication Token Handling
CVSS 7.5
CVE-2020-9233 CRITICAL
FusionCompute 8.0.0 - Improper Authentication
CVSS 9.1
CVE-2020-4662 HIGH
IBM Event Streams 10.0.0 - Authenticated Improper Authentication Validation
CVSS 8.8
CVE-2020-8685 MEDIUM
Intel(R) LED Manager for NUC <1.2.3 - DoS
CVSS 4.4
CVE-2020-8714 HIGH
Intel(R) Server <1.59 - Privilege Escalation
CVSS 7.8