Fallos del tipo CWE-287
1838 resultadosCVE-2022-39290HIGHCSRF key bypass using HTTP methods in zoneminderEPSS 5.4%CVE-2021-34993CRITICALThis vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. AuthenticationEPSS 5.4%CVE-2019-1917CRITICALCisco Vision Dynamic Signage Director REST API Authentication Bypass VulnerabilityEPSS 5.3%CVE-2019-12643CRITICALCisco REST API Container for IOS XE Software Authentication Bypass VulnerabilityEPSS 5.3%CVE-2018-0238—A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenEPSS 5.2%CVE-2017-16748—An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and priEPSS 5.1%CVE-2017-12229—A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, reEPSS 5.1%CVE-2018-10611—Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to alEPSS 5.1%CVE-2025-4755MEDIUMD-Link DI-7003GV2 netconfig.asp sub_497DE4 improper authenticationEPSS 5.0%CVE-2025-46631MEDIUMImproper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable tEPSS 4.9%CVE-2012-5864—Sinapsi eSolar Improper AuthenticationEPSS 4.9%CVE-2017-14002—GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentiEPSS 4.9%CVE-2017-12698—An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a pEPSS 4.8%CVE-2018-14805—ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key valEPSS 4.8%CVE-2019-0543HIGHAn elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of EPSS 4.7%KEVCVE-2019-1938CRITICALCisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass VulnerabilityEPSS 4.6%CVE-2019-1974CRITICALCisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass VulnerabilityEPSS 4.5%CVE-2017-11427HIGHMultiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversalEPSS 4.4%CVE-2024-0799CRITICALAuthentication Bypass via wizardLogin in Arcserve Unified Data ProtectionEPSS 4.3%CVE-2010-4478CRITICALOpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remotEPSS 4.2%