CWE-287 (认证机制不恰当) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-7012	Puppet-foreman: an authentication bypass vulnerability exists in foreman	9.8	Critical	2024-09-04
CVE-2024-7870	PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion — PixelYourSite – Your smart PIXEL (TAG) & API Manager	6.5	Medium	2024-09-04
CVE-2024-45346	GetApps application has code execution vulnerability — GetApps application	8.8	High	2024-08-28
CVE-2024-45036	Improper Access Control Vulnerability When Accessing a Maliciously Crafted Tophat Link — tophat	7.5^AI	High^AI	2024-08-26
CVE-2024-7401	Client Enrollment Process Bypass — Netskope Client	9.8^AI	Critical^AI	2024-08-26
CVE-2024-42336	Servision - CWE-287: Improper Authentication — Servision IVG Webmax 1.0.57	8.2	High	2024-08-20
CVE-2024-38810	Missing Authorization When Using @AuthorizeReturnObject — spring security	6.5	Medium	2024-08-20
CVE-2024-43240	WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated Privilege Escalation vulnerability — Ultimate Membership Pro	9.4	Critical	2024-08-19
CVE-2024-6078	Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™ — DataMosaix™	9.1^AI	Critical^AI	2024-08-14
CVE-2024-7593	Ivanti Virtual Traffic Manager 安全漏洞 — vTM	9.8	Critical	2024-08-13
CVE-2024-42164	Disabling MFA without Authentication — FIWARE Keyrock	4.3	Medium	2024-08-12
CVE-2024-42038	Huawei EMUI和Huawei HarmonyOS 安全漏洞 — HarmonyOS	8.8	High	2024-08-08
CVE-2024-7395	Insufficient Authentication — JetPort 5601v3	9.8^AI	Critical^AI	2024-08-05
CVE-2019-6197	Lenovo PC Manager 安全漏洞 — PC Manager	7.8	High	2024-07-31
CVE-2019-6198	Lenovo PC Manager 安全漏洞 — PC Manager	7.8	High	2024-07-31
CVE-2022-4001	Motorola Q14 安全漏洞 — Q14 Mesh Router Firmware	7.3	High	2024-07-31
CVE-2022-4002	Motorola Q14 安全漏洞 — Q14 Mesh Router Firmware	7.2	High	2024-07-31
CVE-2024-6576	MOVEit Transfer Privilege Escalation Vulnerability — MOVEit Transfer	7.3	High	2024-07-29
CVE-2024-7050	OpenText Directory Services 安全漏洞 — OpenText Directory Services	9.1	-	2024-07-26
CVE-2024-41800	Craft CMS Allows TOTP Token To Stay Valid After Use — cms	4.8	Medium	2024-07-25
CVE-2024-40648	`UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk — matrix-rust-sdk	5.4	Medium	2024-07-18
CVE-2024-23471	SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability — Access Rights Manager	9.6	Critical	2024-07-17
CVE-2024-23470	SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability — Access Rights Manager	9.6	Critical	2024-07-17
CVE-2024-23465	SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability — Access Rights Manager	8.3	High	2024-07-17
CVE-2024-28992	SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability — Access Rights Manager	7.6	High	2024-07-17
CVE-2024-39767	Spoofed push notifications from malicious server — Mattermost	4.2	Medium	2024-07-15
CVE-2024-38099	Windows Remote Desktop Licensing Service Denial of Service Vulnerability — Windows Server 2019	5.9	Medium	2024-07-09
CVE-2024-39830	Timing attack during remote cluster token comparison when shared channels are enabled — Mattermost	8.1	High	2024-07-03
CVE-2024-3826	Broken SAML Validation — Akana API Platform	9.1^AI	Critical^AI	2024-07-02
CVE-2024-38523	Hush Line OTP issue — hushline	7.5	High	2024-06-27

Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-287 (认证机制不恰当) — Vulnerability Class 1187