CWE-302
Authentication Bypass by Assumed-Immutable Data
Base · Incomplete
Description
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-13 · CAPEC-21 · CAPEC-274 · CAPEC-31 · CAPEC-39 · CAPEC-45 · CAPEC-77
CVEs mapped to this weakness (21)
Page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23501 | | | 0.00 | — | 0.00 | | Dec 14, 2022 | TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions),… |