CWE-287 (Improper Authentication) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-22237 | Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally — Junos OS | 6.5 | Medium | 2022-10-18 |
| CVE-2022-31122 | Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation — wire-server | 9.8 | Critical | 2022-10-18 |
| CVE-2022-23769 | Secuever reverseWall-MDS Remote Code Execution Vulnerability — reverseWall-MDS | 7.5 | High | 2022-10-17 |
| CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ... — OpenHarmony | 8.3 | High | 2022-10-14 |
| CVE-2022-42488 | Startup subsystem missed permission validation in param service. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. — OpenHarmony | 8.4 | High | 2022-10-14 |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in — grafana | 4.3 | Medium | 2022-10-13 |
| CVE-2022-3465 | Mediabridge Medialink index.asp improper authentication — Medialink | 7.3 | High | 2022-10-12 |
| CVE-2022-40664 | Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher — Apache Shiro | 9.8 | - | 2022-10-12 |
| CVE-2022-39290 | CSRF key bypass using HTTP methods in zoneminder — zoneminder | 8.0 | High | 2022-10-07 |
| CVE-2022-20662 | Cisco Duo for macOS Authentication Bypass Vulnerability — Cisco Duo | 6.1 | Medium | 2022-09-30 |
| CVE-2022-39263 | NextAuth.js Upstash Adapter missing token verification — next-auth | 6.8 | Medium | 2022-09-28 |
| CVE-2022-22523 | Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass — UWP 3.0 Monitoring Gateway and Controller | 7.5 | High | 2022-09-28 |
| CVE-2022-39219 | Bifrost users using basic authentication can bypass write permission limit — Bifrost | 8.5 | High | 2022-09-26 |
| CVE-2022-3119 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass — OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) | 9.1 | - | 2022-09-26 |
| CVE-2022-30124 | Rocket.Chat authorization issue vulnerability — Rocket.Chat Mobile app | 6.8 | - | 2022-09-23 |
| CVE-2022-35248 | Rocket.Chat authorization issue vulnerability — Rocket.Chat | 8.8 | - | 2022-09-23 |
| CVE-2021-45035 | Velneo vClient Improper authentication — Velneo vClient | 6.3 | Medium | 2022-09-23 |
| CVE-2022-39238 | Improper Authentication in Arvados when using PAM as identity provider — arvados | 4.2 | Medium | 2022-09-23 |
| CVE-2022-39231 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented — parse-server | 3.7 | Low | 2022-09-23 |
| CVE-2022-3173 | Improper Authentication in snipe/snipe-it — snipe/snipe-it | 7.1 | - | 2022-09-17 |
| CVE-2022-39205 | Access Control Bypass in Onedev — onedev | 9.0 | Critical | 2022-09-13 |
| CVE-2022-36106 | Missing check for expiration time of password reset token in TYPO3 — typo3 | 5.4 | Medium | 2022-09-13 |
| CVE-2022-39801 | Contributor License Agreement assistant authorization issue vulnerability — SAP GRC Access Control Emergency Access Management | 8.8 | - | 2022-09-13 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action — xwiki-platform | 7.5 | High | 2022-09-08 |
| CVE-2022-36073 | RubyGems allows creation of users with arbitrary unverified emails — rubygems.org | 8.3 | High | 2022-09-07 |
| CVE-2022-26858 | Dell BIOS authorization issue vulnerability — CPG BIOS | 6.1 | Medium | 2022-09-06 |
| CVE-2022-31020 | Remote code execution in Indy's NODE_UPGRADE transaction — indy-node | 8.8 | High | 2022-09-06 |
| CVE-2022-36071 | Recovery codes abuse in SFTPGo — sftpgo | 8.3 | High | 2022-09-02 |
| CVE-2022-34380 | Dell CloudLink authorization issue vulnerability — CloudLink | 9.3 | Critical | 2022-09-01 |
| CVE-2022-34379 | Dell EMC CloudLink authorization issue vulnerability — CloudLink | 9.4 | Critical | 2022-09-01 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.