CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2022-36249 MEDIUM
Shop Beat Media Player <3.2.57 - Auth Bypass
CVSS 5.4
CVE-2022-40725 HIGH
PingID Desktop < 1.7.4 - Authentication Bypass via PIN Attempt Limit
CVSS 7.3
CVE-2022-42277 HIGH
NVIDIA DGX Station A100 Firmware < 10.16 - Authenticated Arbitrary Flash Read/Write/Erase via SmiFlash
CVSS 7.5
CVE-2022-42276 HIGH
NVIDIA DGX A100 Firmware < 1.18 - Authenticated Arbitrary Flash Access via SmiFlash
CVSS 7.5
CVE-2022-42275 HIGH
NVIDIA BMC < 00.19.07 - Unauthenticated SPI Flash Write via IPMI Handler
CVSS 7.7
CVE-2022-3614 MEDIUM
Octopus Server 3.5-2022.3.10750 - Unauthenticated Open Redirect via AD Sign-In
CVSS 6.1
CVE-2022-47578 HIGH
Zoho ManageEngine Device Control Plus 10.1.2228.15 - Privilege Esca...
CVSS 7.1
CVE-2022-27510 CRITICAL
Citrix Gateway 12.1-<12.1-65.21 - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2022-26870 HIGH
Dell PowerStore <2.1.0.x - Auth Bypass
CVSS 7.0
CVE-2022-23767 HIGH
SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer
CVSS 8.8
CVE-2022-36093 HIGH
XWiki Platform Web Templates <14.2 & <13.10.4 - Auth Bypass
CVSS 8.5
CVE-2022-34372 CRITICAL
Dell PowerProtect Cyber Recovery < 19.11.0.2 - Unauthenticated Authentication Bypass via Docker Registry API
CVSS 9.8
CVE-2022-2031 HIGH
Samba < 4.14.14 - Authentication Bypass via Shared KDC and kpasswd Keys
CVSS 8.8
CVE-2022-35869 CRITICAL
Inductive Automation Ignition 8.1.15 - Auth Bypass
CVSS 9.8
CVE-2022-30623 MEDIUM
CHCNAV P5E GNSS Firmware - Improper Authentication via Cookie Status Bypass
CVSS 5.9
CVE-2022-23725 HIGH
PingID Integration for Windows Login < 2.8 - Insufficiently Protected Credentials via Registry Permissions
CVSS 7.7
CVE-2022-23720 HIGH
PingID Windows Login <2.8 - Privilege Escalation
CVSS 7.5
CVE-2022-23719 HIGH
PingID Windows Login < 2.8 - Unauthenticated Spoofing via Local Java Service
CVSS 7.2
CVE-2022-31022 MEDIUM
Bleve < 2.5.0 - Unauthenticated Arbitrary Directory Creation and Deletion via HTTP Handlers
CVSS 6.2
CVE-2022-26865 MEDIUM
Dell Support Assist OS Recovery <5.5.2 - Auth Bypass
CVSS 6.8
CVE-2022-1681 HIGH
wiki.js < 2.5.281 - Authentication Bypass via Alternate Path
CVSS 7.2
CVE-2022-23724 MEDIUM
PingIdentity PingID Integration for Windows Login <= 2.4.2 - Authentication Bypass
CVSS 6.4
CVE-2022-23723 HIGH
PingFederate PingOne MFA Integration Kit - MFA Bypass via Adapter HTML Templates
CVSS 7.7
CVE-2022-23722 MEDIUM
PingFederate - Improper Authentication via Password Reset Mechanism
CVSS 6.5
CVE-2022-0992 CRITICAL
SiteGround Security Optimizer <= 1.2.5 - Unauthenticated Authentication Bypass via 2FA Setup
CVSS 9.8