CWE-592
DEPRECATED: Authentication Bypass Issues
ClassDeprecated
Description
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
CVEs mapped to this weakness (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-43512 | Cri | 0.64 | 9.8 | 0.00 | May 12, 2026 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue. | |
| CVE-2017-2684 | Cri | 0.59 | 9.0 | 0.01 | Feb 22, 2017 | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. | |
| CVE-2023-30971 | Med | 0.44 | 6.8 | 0.00 | Dec 19, 2025 | Gotham Gaia application was found to be exposing multiple unauthenticated endpoints. | |
| CVE-2014-2367 | 0.00 | — | 0.00 | Jul 19, 2014 | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | ||
| CVE-2012-4688 | 0.00 | — | 0.00 | Dec 31, 2012 | The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. |