CWE-290 (Authentication Bypass by Spoofing) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-41130 | X-Endpoint-API-UserInfo can be spoofed in cloudendpoints Extensible Service Proxy — esp | 6.4 | Medium | 2021-10-07 |
| CVE-2021-34646 | Booster for WooCommerce <= 5.4.3 Authentication Bypass — Booster for WooCommcerce | 9.8 | Critical | 2021-08-30 |
| CVE-2021-32076 | Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass — Web Help Desk | 5.3 | Medium | 2021-08-26 |
| CVE-2021-32631 | JSON Web Tokens not properly verified — common | 6.5 | Medium | 2021-07-26 |
| CVE-2020-7388 | Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing — X3 | 10.0 | Critical | 2021-07-22 |
| CVE-2021-22779 | Schneider Electric EcoStruxure Control Expert security vulnerability — EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*) | 9.1 | - | 2021-07-14 |
| CVE-2021-28810 | Vulnerability in Roon Server — Roon Server | 7.5 | High | 2021-06-08 |
| CVE-2021-20278 | Kiali authorization issue vulnerability — kiali | 9.8 | - | 2021-05-28 |
| CVE-2020-13529 | systemd security vulnerability — Systemd | 6.1 | - | 2021-05-10 |
| CVE-2021-29441 | Authentication bypass — nacos | 8.6 | High | 2021-04-27 |
| CVE-2021-21492 | SAP NetWeaver Application Server Java security vulnerability — SAP NetWeaver AS for JAVA (HTTP Service) | 5.3 | - | 2021-04-13 |
| CVE-2021-21310 | Token verification bug in next-auth — next-auth | 6.1 | Medium | 2021-02-11 |
| CVE-2020-17516 | Apache Cassandra security vulnerability — Apache Cassandra | 7.5 | - | 2021-02-03 |
| CVE-2020-27276 | Authorization issue vulnerability in multiple Sooil products — SOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-A | 5.7 | - | 2021-01-19 |
| CVE-2020-26276 | SAML authentication vulnerability in Fleet — fleet | 10.0 | Critical | 2020-12-17 |
| CVE-2020-26254 | omniauth-apple allows attacker to fake their email address during authentication — omniauth-apple | 7.7 | High | 2020-12-08 |
| CVE-2020-7327 | McAfee MVEDR - Improperly implemented security check — McAfee MVISION Endpoint Detection and Response | 6.0 | Medium | 2020-10-15 |
| CVE-2020-7326 | McAfee MAR - Improperly implemented security check — McAfee Active Response | 6.0 | Medium | 2020-10-15 |
| CVE-2020-5415 | Concourse's GitLab auth allows impersonation — Concourse | 9.6 | - | 2020-08-12 |
| CVE-2020-2033 | GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie — GlobalProtect App | 5.3 | Medium | 2020-06-10 |
| CVE-2020-10136 | IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic — RFC2003 - IP Encapsulation within IP | 8.2 | - | 2020-06-02 |
| CVE-2020-2002 | PAN-OS: Spoofed Kerberos key distribution center authentication bypass — PAN-OS | 8.1 | High | 2020-05-13 |
| CVE-2019-18259 | Omron PLC CJ series and CS series security vulnerability — Omron PLC CJ and CS Series | 9.8 | - | 2019-12-16 |
| CVE-2019-3884 | Red Hat OpenShift authorization issue vulnerability — atomic-openshift | 5.4 | - | 2019-08-01 |
| CVE-2019-3775 | UAA allows users to modify their own email address — UAA Release (OSS) | 8.1 | - | 2019-03-07 |
| CVE-2018-15715 | Zoom Client security vulnerability — Zoom | 9.8 | - | 2018-11-30 |
| CVE-2017-14003 | LAVA Ether-Serial Link authorization issue vulnerability — LAVA Computer MFG Inc. Ether-Serial Link | 9.8 | - | 2017-10-11 |

Vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.