Skip to main content

CWE-592

DEPRECATED: Authentication Bypass Issues

12 CVEs Avg CVSS 8.5 MITRE
6
CRITICAL
4
HIGH
2
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2026-43512 Maven CRITICAL PATCH GHSA Act Now

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-42759 MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2019-10201 Maven HIGH PATCH This Week

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-10198 MEDIUM PATCH This Month

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman Tasks Satellite
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-3899 CRITICAL Act Now

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Heketi
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-10933 CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux Debian Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
91.8%
CVE-2018-14643 Ruby CRITICAL PATCH Act Now

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-10847 HIGH This Week

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prosody
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1085 CRITICAL Act Now

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-2684 CRITICAL Act Now

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Logon
NVD
CVSS 3.0
9.0
EPSS
1.3%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman Tasks Satellite
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Heketi
NVD
EPSS 92% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux +7
NVD Exploit-DB
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prosody
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Logon
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy