CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2019-16327 CRITICAL
D-Link DIR-601 B1 2.00NA - Auth Bypass
CVSS 9.8
CVE-2019-19982 MEDIUM
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated Arbitrary Option Creation via admin-post.php
CVSS 5.3
CVE-2019-5108 MEDIUM
Linux Kernel < 5.3 - Denial of Service via IAPP Location Update Spoofing
CVSS 6.5
CVE-2019-5486 HIGH
GitLab <12.3.2, <12.2.6, and <12.1.10 - Authentication Bypass via Salesforce Login Integration
CVSS 8.8
CVE-2019-8804 MEDIUM
iPadOS < 13.2 - Wi-Fi Network Configuration Inconsistency
CVSS 5.7
CVE-2019-8760 MEDIUM
iPhone OS < 13.0 - Improper Authentication via Face ID Spoofing
CVSS 6.8
CVE-2019-8704 MEDIUM
iPhone OS < 13.0 and tvOS < 13 - Unauthenticated Sensitive Information Leak via State Management Issue
CVSS 5.5
CVE-2019-8634 HIGH
macOS < 10.14.5 - Unprotected User Data Exposure via Authentication State Mismanagement
CVSS 8.8
CVE-2019-8533 HIGH
macOS < 10.14.4 - Unprotected User Data Exposure via Lock Handling Issue
CVSS 7.8
CVE-2019-5252 LOW
Huawei Enjoy 8 Plus Firmware <9.1.0.124(c00e112r1p6t8) - Improper Authentication in Applock
CVSS 3.5
CVE-2019-5253 MEDIUM
E5572-855 <8.0.1.3(H335SP1C233) - Auth Bypass
CVSS 5.9
CVE-2019-5061 MEDIUM
hostapd 2.6 - Denial of Service via Forged Authentication and Association Request Packets
CVSS 6.5
CVE-2019-18341 MEDIUM
SINVR 3 Central Control Server < V1.5.0 - Unauthenticated Authentication Bypass via SFTP Service
CVSS 5.3
CVE-2019-18337 CRITICAL
SINVR 3 Central Control Server < V1.5.0 - Authentication Bypass via XML Communication Protocol
CVSS 9.8
CVE-2019-18332 MEDIUM
SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Directory Listing Access via Crafted Packets
CVSS 5.3
CVE-2019-18322 CRITICAL
SPPA-T3000 MS3000 Migration Server - Arbitrary File Read and Write via Crafted Packets to Port 5010/tcp
CVSS 9.1
CVE-2019-18321 CRITICAL
SPPA-T3000 MS3000 Migration Server - Arbitrary File Read and Write via Crafted Packets to Port 5010/tcp
CVSS 9.1
CVE-2019-18320 HIGH
SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Arbitrary File Upload
CVSS 7.5
CVE-2019-18319 HIGH
SPPA-T3000 Application Server < R8.2 SP2 - Denial of Service via RMI
CVSS 7.5
CVE-2019-18318 HIGH
SPPA-T3000 Application Server < R8.2 SP2 - Denial of Service via RMI
CVSS 7.5
CVE-2019-18317 HIGH
SPPA-T3000 Application Server < R8.2 SP2 - Denial of Service via RMI
CVSS 7.5
CVE-2019-18315 CRITICAL
SPPA-T3000 Application Server < R8.2 SP2 - Remote Code Execution via Crafted Packets to 8888/tcp
CVSS 9.8
CVE-2019-18314 CRITICAL
SPPA-T3000 Application Server < R8.2 SP2 - Remote Code Execution via RMI
CVSS 9.8
CVE-2019-18312 MEDIUM
SPPA-T3000 MS3000 Migration Server - RPC Service Enumeration
CVSS 5.3
CVE-2019-18287 MEDIUM
SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Sensitive Information Exposure via Directory Listing
CVSS 5.3