CWE-308

6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-308page 1 of 1

CVE-2023-25681MEDIUMCVSS 5.3EG 5.3
2024-03-05
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remo…
CVE-2023-34228MEDIUMCVSS 5.3EG 5.3
2023-05-31
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVE-2023-49075HIGHCVSS 8.4EG 8.4
2023-11-28
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access…
CVE-2023-50934MEDIUMCVSS 5.3EG 5.3
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.
CVE-2024-45075HIGHCVSS 8.8EG 8.8
2024-09-04
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
CVE-2024-47652HIGHCVSS 8.1EG 8.1
2024-10-04
This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote atta…

Map vulnerabilities like CWE-308 to your infrastructure

EchelonGraph correlates every CVE — across CWE-308 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →