CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2020-15896 HIGH
D-Link DAP-1522 Firmware < 1.10b04Beta02 - Unauthenticated Authentication Bypass via NO_NEED_AUTH Parameter
CVSS 7.5
CVE-2020-6871 CRITICAL
ZTE R5300G4/R5500G4/R8500G4 Firmware - Authentication Bypass
CVSS 9.8
CVE-2020-14494 CRITICAL
OpenClinic GA 5.09.02 and 5.89.05b - Improper Authentication
CVSS 9.8
CVE-2020-14485 CRITICAL
OpenClinic GA 5.09.02 and 5.89.05b - Improper Authentication
CVSS 9.8
CVE-2020-9259 MEDIUM
Huawei Honor V30 Firmware < 10.1.0.212(C00E210R5P1) - Improper Authentication
CVSS 6.5
CVE-2020-3388 HIGH
Cisco SD-WAN vManage Software - Command Injection
CVSS 7.8
CVE-2020-3197 MEDIUM
Cisco Meetings App - Info Disclosure
CVSS 5.3
CVE-2020-3144 CRITICAL
Cisco RV110W RV130 RV130W RV215W Firmware - Unauthenticated Remote Code Execution via Session Management Bypass
CVSS 9.8
CVE-2020-15027 CRITICAL
ConnectWise Automate <2020.x - Auth Bypass
CVSS 9.8
CVE-2020-10288 CRITICAL
ABB RobotWare - Unauthenticated FTP Server Access via Empty Credential Bypass
CVSS 9.8
CVE-2020-8196 MEDIUM KEV
Citrix ADC/Gateway <13.0-58.30 - Info Disclosure
CVSS 4.3
CVE-2020-8193 MEDIUM KEV
Citrix ADC/Gateway <13.0-58.30 - Info Disclosure
CVSS 6.5
CVE-2020-1838 MEDIUM
HUAWEI Mate 30 Pro <10.1.0.150(C00E136R5P3 - Auth Bypass
CVSS 5.5
CVE-2020-4074 HIGH
PrestaShop 1.5.0.0-1.7.6.5 - Improper Authentication
CVSS 8.9
CVE-2020-3297 CRITICAL
Cisco Small Business Smart and Managed Switches - Auth Bypass
CVSS 9.8
CVE-2020-14070 CRITICAL
MK-AUTH 19.01 - Authentication Bypass via Guessable Credentials
CVSS 9.8
CVE-2020-12035 MEDIUM
Baxter PrismaFlex and PrisMax < 3.0 - Improper Authentication via Hard-Coded Service Password
CVSS 4.9
CVE-2020-14477 LOW
Philips ClearVue 850/350 <3.2, CX50, Affiniti 70/50 <5.0, EPIQ 7 <5.0, Sparq <3.0.2, Xperius - Improper Authentication
CVSS 3.6
CVE-2020-10278 MEDIUM
MiR and Enabled Robotics Firmware < 2.8.1.1 - Unauthenticated BIOS Access Control Bypass
CVSS 4.6
CVE-2020-14455 MEDIUM
Mattermost Desktop App < 4.4.0 - Improper Authentication via HTTP Basic Auth Prompt
CVSS 6.5
CVE-2020-3361 HIGH
Cisco Webex Meetings - Privilege Escalation
CVSS 8.1
CVE-2020-9076 MEDIUM
HUAWEI P30, P30 Pro, and Tony-AL00B Firmware < 10.1.0.135 - Improper Authentication via Man-in-the-Middle Attack
CVSS 6.8
CVE-2020-4494 HIGH
IBM Spectrum Protect Client/for Space Management 8.1.7.0-8.1.9.1 Authentication Bypass
CVSS 7.5
CVE-2020-10754 MEDIUM
NetworkManager < 1.22.14 - Improper Authentication via nmcli Profile Creation
CVSS 4.3
CVE-2020-9099 CRITICAL
Huawei IPS Module and NGFW Module - Improper Authentication
CVSS 9.8
Details
Vulnerabilities 4,372
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits