CWE-287 flaws

1,838 results
CVE-2017-14004 (EPSS 1.9%): GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful expl
CVE-2017-14006 (EPSS 1.9%): GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded
CVE-2021-32637 [CRITICAL] (EPSS 1.9%): Authentication bypassed with malformed request URI
CVE-2021-22764 [MEDIUM] (EPSS 1.9%): A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (se
CVE-2022-29165 [CRITICAL] (EPSS 1.9%): Argo CD will blindly trust JWT claims if anonymous access is enabled
CVE-2017-12695 (EPSS 1.9%): An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation
CVE-2017-6047 (EPSS 1.8%): Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentic
CVE-2018-4836 (EPSS 1.8%): A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleC
CVE-2018-15721 (EPSS 1.8%): The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote at
CVE-2022-1049 (EPSS 1.8%): A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired password
CVE-2024-48445 [CRITICAL] (EPSS 1.8%): An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.
CVE-2021-43999 (EPSS 1.8%): Improper validation of SAML responses
CVE-2019-1662 [HIGH] (EPSS 1.8%): Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability
CVE-2020-4074 [HIGH] (EPSS 1.8%): Improper Authentication
CVE-2016-2124 (EPSS 1.8%): A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent o
CVE-2017-14026 (EPSS 1.8%): In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may all
CVE-2022-39205 [CRITICAL] (EPSS 1.8%): Access Control Bypass in Onedev
CVE-2021-26637 [HIGH] (EPSS 1.7%): SiHAS Improper Authentication vulnerability
CVE-2021-21538 [CRITICAL] (EPSS 1.7%): Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthent
CVE-2023-2706 [HIGH] (EPSS 1.7%): OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation