CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-6197 HIGH
Lenovo PCManager < 2.8.90.11211 - Privilege Escalation
CVSS 7.8
CVE-2019-12254 CRITICAL
Tecson Tankspion/GOKs SmartBox 4 - Info Disclosure
CVSS 9.8
CVE-2019-9564 HIGH
Wyze Cam <4.49.1.47, <4.9.8.1002, <4.36.8.32 - Auth Bypass
CVSS 7.5
CVE-2019-18906 CRITICAL
SUSE Linux Enterprise Server for SAP <12-SP5 - Improper Authentication
CVSS 9.8
CVE-2019-20464 HIGH
Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Firmware - Unauthenticated Video Feed Access via RTSP Port
CVSS 7.5
CVE-2019-5317 MEDIUM
Aruba Instant <8.4.0.5 - Auth Bypass
CVSS 6.8
CVE-2019-14553 MEDIUM
EDK II - Improper Authentication via Network Access
CVSS 4.9
CVE-2019-20933 CRITICAL
InfluxDB < 1.7.6 - Authentication Bypass via Empty JWT SharedSecret
CVSS 9.8
CVE-2019-19562 MEDIUM
Mercedes-Benz HERMES 2.1 - Info Disclosure
CVSS 4.6
CVE-2019-19560 MEDIUM
Mercedes-Benz HERMES 1.5 - Info Disclosure
CVSS 4.6
CVE-2019-16028 CRITICAL
Cisco Firepower Management Center - Auth Bypass
CVSS 9.8
CVE-2019-15993 MEDIUM
Cisco Small Business Switches - Info Disclosure
CVSS 5.3
CVE-2019-10562 HIGH
Qualcomm Snapdragon Firmware - Improper Authentication and Signature Verification in Secure Boot Loader
CVSS 7.8
CVE-2019-20033 CRITICAL
NEC SV8100 Firmware - Unauthenticated Access via Hardcoded DIM Interface Credentials
CVSS 9.8
CVE-2019-20027 CRITICAL
NEC SV8100/SV9100/SL1100/SL2100 Firmware >=7.0 - Unauthenticated Authentication Bypass via Blank Credentials
CVSS 9.8
CVE-2019-18252 MEDIUM
BIOTRONIK CardioMessenger II - Improper Authentication via Credential Reuse
CVSS 4.3
CVE-2019-18246 MEDIUM
BIOTRONIK CardioMessenger II-S GSM and T-Line Firmware - Improper Authentication
CVSS 4.3
CVE-2019-20412 MEDIUM
Atlassian Jira < 7.13.9 and 8.0.0-8.4.2 - Information Disclosure via Convert Sub-Task to Issue Page
CVSS 5.3
CVE-2019-20879 MEDIUM
Mattermost Server < 4.10.7, < 5.6.5, < 5.7.2, < 5.8.0 - Improper Authentication via Email Change
CVSS 4.3
CVE-2019-20875 MEDIUM
Mattermost Server < 5.9.0, < 5.8.1, < 5.7.3, < 4.10.8 - Improper Authentication via Password Reset
CVSS 5.3
CVE-2019-20833 HIGH
Foxit PhantomPDF < 8.3.10 - Improper Authentication via Google Drive Cloud Credentials
CVSS 7.5
CVE-2019-18823 CRITICAL
HTCondor <8.8.6-8.9.4 - Privilege Escalation
CVSS 9.8
CVE-2019-19104 CRITICAL
ABB Telephone Gateway TG/S 3.2 - Info Disclosure
CVSS 9.1
CVE-2019-20786 CRITICAL
Pion DTLS < 1.5.2 - Unauthenticated Arbitrary Data Injection via Epoch 0 Application Data
CVSS 9.8
CVE-2019-14880 CRITICAL
Moodle 3.5-3.5.8, 3.6-3.6.6, 3.7-3.7.2 - Improper Authentication during OAuth 2 Sign-Up
CVSS 9.1