CWE-287 flaws

1,838 results
CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | EPSS 1.4%
CVE-2023-36004 [HIGH] | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | EPSS 1.4%
CVE-2019-3798 [MEDIUM] | Escalation of Privileges in Cloud Controller | EPSS 1.4%
CVE-2024-38225 [HIGH] | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | EPSS 1.4%
CVE-2020-14299 | A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy Picket | EPSS 1.4%
CVE-2022-35925 [MEDIUM] | Missing rate limit in Authentication in bookwyrm | EPSS 1.4%
CVE-2024-27923 [HIGH] | Remote Code Execution by uploading a phar file using frontmatter | EPSS 1.4%
CVE-2007-4043 [CRITICAL] | file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication | EPSS 1.4%
CVE-2023-37544 [HIGH] | Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS | EPSS 1.4%
CVE-2021-3652 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being in | EPSS 1.3%
CVE-2021-36369 [HIGH] | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client- | EPSS 1.3%
CVE-2024-23471 [CRITICAL] | SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability | EPSS 1.3%
CVE-2019-10966 | In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal | EPSS 1.3%
CVE-2022-37913 [CRITICAL] | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote att | EPSS 1.3%
CVE-2022-37914 [CRITICAL] | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote att | EPSS 1.3%
CVE-2022-1248 [HIGH] | SAP Information System POST Request add_admin.php improper authentication | EPSS 1.3%
CVE-2023-24830 [HIGH] | Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization | EPSS 1.3%
CVE-2008-3738 [CRITICAL] | Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vector | EPSS 1.3%
CVE-2020-8200 | Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Direc | EPSS 1.3%
CVE-2021-40851 [HIGH] | TCMAN GIM SQL injection vulnerability | EPSS 1.3%