CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2022-22189 HIGH
Juniper Networks CSO <6.0.0 Patch v3 - Privilege Escalation
CVSS 7.3
CVE-2022-1067 MEDIUM
Lifepoint Patient Portal < lpi_3.5.12.p30 - Unauthenticated Lab Report PDF Generation
CVSS 6.5
CVE-2022-24813 MEDIUM
CreateWiki < 2022-04-02 - Unauthenticated Anonymous Comment Posting via Special:RequestWikiQueue
CVSS 5.3
CVE-2022-24047 CRITICAL
BMC Track-It! 20.21.01.102 - Auth Bypass
CVSS 9.8
CVE-2021-4353 MEDIUM
WooCommerce Dynamic Pricing & Discounts <2.4.1 - Info Disclosure
CVSS 5.3
CVE-2021-4373 HIGH
Better Search <= 2.5.2 - Cross-Site Request Forgery via Settings Import
CVSS 8.8
CVE-2021-41995 HIGH
PingID Integration for Mac Login < 1.1 - MFA Bypass via RSA Misconfiguration
CVSS 7.7
CVE-2021-35530 MEDIUM
Hitachi Energy TXpert Hub CoreTec <2.2 - Privilege Escalation
CVSS 6.0
CVE-2021-26634 CRITICAL
maxb maxboard < 1.9.6 - Unrestricted File Upload and SQL Injection
CVSS 9.8
CVE-2021-32958 MEDIUM
Claroty Secure Remote Access Site <3.2 - Privilege Escalation
CVSS 5.5
CVE-2021-31559 HIGH
Splunk Enterprise Indexer <8.1.5, <8.2.1 - Auth Bypass
CVSS 7.5
CVE-2021-41992 HIGH
PingID Integration for Windows Login < 2.7 - Offline MFA Bypass via RSA Misconfiguration
CVSS 7.7
CVE-2021-3897 CRITICAL
Lenovo Fan Power Controller2/FPC2 - Auth Bypass
CVSS 9.8
CVE-2021-3849 CRITICAL
Lenovo Fan Power Controller2/FPC2 - Auth Bypass
CVSS 9.8
CVE-2021-32986 CRITICAL
Automation Direct CLICK PLC CPU <3.00 - Privilege Escalation
CVSS 9.8
CVE-2021-32984 CRITICAL
Automation Direct CLICK PLC <v3.00 - Privilege Escalation
CVSS 9.8
CVE-2021-32980 CRITICAL
Automation Direct CLICK PLC CPU <3.00 - Privilege Escalation
CVSS 9.8
CVE-2021-34977 HIGH
NETGEAR R7000 Firmware 1.0.11.116_10.2.100 - Unauthenticated Authentication Bypass via SOAP Request
CVSS 8.8
CVE-2021-33017 HIGH
Philips IntelliBridge EC40 and EC80 Firmware < c.00.04 - Unauthenticated Authentication Bypass via Alternate Path
CVSS 8.1
CVE-2021-43985 CRITICAL
mySCADA myPRO <8.20.0 - Info Disclosure
CVSS 9.1
CVE-2021-21952 CRITICAL
Anker Eufy Homebase 2 2.1.6.9h - Authentication Bypass via CMD_DEVICE_GET_RSA_KEY_REQUEST
CVSS 9.8
CVE-2021-27453 HIGH
Mesa Labs AmegaView <3.0 - Auth Bypass
CVSS 7.3
CVE-2021-43935 HIGH
Welch Allyn Connex Cardio < 1.1.1 - Improper Authentication via SSO Manual Account Entry
CVSS 8.1
CVE-2021-36308 MEDIUM
Networking OS10 <October 2021 - Auth Bypass
CVSS 5.9
CVE-2021-41292 CRITICAL
ECOA BAS Controller - Unauthenticated Authentication Bypass via Cookie Poisoning
CVSS 9.8