Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 436

436 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2022-42275 NVIDIA BMC 访问控制错误漏洞 — NVIDIA DGX servers 7.7 High2023-01-13
CVE-2022-27510 Unauthorized access to Gateway user capabilities — Citrix Gateway, Citrix ADC 9.8 Critical2022-11-08
CVE-2022-26870 Dell EMC PowerStore 授权问题漏洞 — PowerStore 7.0 High2022-10-21
CVE-2022-23767 SecureGate authentication bypass vulnerability — SecureGate 8.8 High2022-09-19
CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard — xwiki-platform 8.5 High2022-09-08
CVE-2022-34372 Dell PowerProtect Cyber Recovery 授权问题漏洞 — Cyber Recovery 9.8 Critical2022-09-01
CVE-2022-2031 Samba 授权问题漏洞 — samba 8.8 -2022-08-25
CVE-2022-35869 Inductive Automation Ignition授权问题漏洞 — Ignition 9.8 -2022-07-25
CVE-2022-30623 Chcnav - P5E GNSS Authentication bypass — Chcnav - P5E GNSS 5.9 Medium2022-07-18
CVE-2021-35530 User authentication bypass in TXpert Hub CoreTec 4 — TXpert Hub CoreTec 4 version 6.0 Medium2022-06-07
CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package — bleve 6.2 Medium2022-06-01
CVE-2022-26865 DELL SupportAssist OS Recovery 授权问题漏洞 — Dell OS Recovery Tool 6.8 Medium2022-05-26
CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel — Secure Remote Access (SRA) Site 5.5 Medium2022-05-23
CVE-2022-1681 Authentication Bypass Using an Alternate Path or Channel in requarks/wiki — requarks/wiki 7.2 -2022-05-12
CVE-2021-31559 S2S TcpToken authentication bypass — Splunk Enterprise 7.5 High2022-05-06
CVE-2022-23723 PingFederate PingOneMFA Integration Kit MFA Bypass — PingFederate PingOne MFA Integration Kit 7.7 High2022-05-02
CVE-2022-23722 PingFederate Password Reset via Authentication API Mishandling — PingFederate 6.5 -2022-05-02
CVE-2021-3897 Lenovo Fan Power Controller2 授权问题漏洞 — Fan Power Controller2 (FPC2) 9.8 Critical2022-04-22
CVE-2021-3849 Lenovo Fan Power Controller2和Lenovo System Management Module 授权问题漏洞 — Fan Power Controller2 (FPC2) 9.8 Critical2022-04-22
CVE-2022-0992 SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup — Security Optimizer – The All-In-One Protection Plugin 9.8 Critical2022-04-19
CVE-2022-22189 Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication — Contrail Service Orchestration 7.3 High2022-04-14
CVE-2022-1067 ICSMA-22-095-01 LifePoint Informatics Patient Portal — Patient Portal 6.5 Medium2022-04-11
CVE-2021-32986 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs 9.8 Critical2022-04-04
CVE-2021-32984 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs 9.8 Critical2022-04-04
CVE-2021-32980 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs 9.8 Critical2022-04-04
CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki — CreateWiki 5.3 Medium2022-04-04
CVE-2022-24047 Track-It! 授权问题漏洞 — Track-It! 9.8 -2022-02-18
CVE-2021-34977 NETGEAR R7000 授权问题漏洞 — R7000 8.8 -2022-01-13
CVE-2021-33017 Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel — IntelliBridge EC 40 Hub 8.1 High2021-12-27
CVE-2021-43985 mySCADA myPRO — myPRO 9.1 Critical2021-12-23

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 436 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.