19242 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-9693 | IBM Business Process Manager 安全漏洞 — Business Process Manager Advanced | 6.1 | - | 2017-03-07 |
| CVE-2017-6384 | Atheme 资源管理错误漏洞 — n/a | 7.5 | - | 2017-03-02 |
| CVE-2017-6409 | 多款Veritas产品访问控制错误漏洞 — n/a | 9.8 | - | 2017-03-02 |
| CVE-2016-8232 | IBM BladeCenter Systems Advanced Management Module 跨站脚本漏洞 — Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z | 6.1 | - | 2017-03-01 |
| CVE-2017-3826 | Cisco NetFlow Generation Appliance 安全漏洞 — Cisco NetFlow Generation ApplianceCWE-399 | 7.5 | - | 2017-03-01 |
| CVE-2017-6205 | 多款D-Link DGS-1510 Websmart设备安全漏洞 — n/a | 9.8 | - | 2017-02-23 |
| CVE-2017-6206 | 多款D-Link DGS-1510 Websmart设备信息泄露漏洞 — n/a | 7.5 | - | 2017-02-23 |
| CVE-2017-3821 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communications Manager | 6.1 | - | 2017-02-22 |
| CVE-2017-3827 | Cisco AsyncOS Software for Cisco ESA and Cisco WSA 安全漏洞 — Cisco AsyncOS Software for Cisco ESA and Cisco WSA | - | - | 2017-02-22 |
| CVE-2017-3828 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communications Manager | 6.1 | - | 2017-02-22 |
| CVE-2017-3829 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communications Manager | 6.1 | - | 2017-02-22 |
| CVE-2017-3830 | Cisco Meeting Server 安全漏洞 — Cisco Meeting Server | 7.5 | - | 2017-02-22 |
| CVE-2017-3833 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communications Manager | 6.1 | - | 2017-02-22 |
| CVE-2017-3836 | Cisco Unified Communications Manager 信息泄露漏洞 — Cisco Unified Communications Manager | 5.3 | - | 2017-02-22 |
| CVE-2017-3838 | Cisco Secure Access Control System 跨站脚本漏洞 — Cisco Secure Access Control System | 6.1 | - | 2017-02-22 |
| CVE-2017-3839 | Cisco Secure Access Control System 安全漏洞 — Cisco Secure Access Control System | 5.3 | - | 2017-02-22 |
| CVE-2017-3840 | Cisco Secure Access Control System 输入验证漏洞 — Cisco Secure Access Control System | 6.1 | - | 2017-02-22 |
| CVE-2017-3841 | Cisco Secure Access Control System 信息泄露漏洞 — Cisco Secure Access Control System | 7.5 | - | 2017-02-22 |
| CVE-2017-3842 | Cisco Intrusion Prevention System Device Manager 信息泄露漏洞 — Cisco Intrusion Prevention System Device Manager | 5.3 | - | 2017-02-22 |
| CVE-2017-3845 | Cisco Prime Collaboration Assurance 跨站脚本漏洞 — Cisco Prime Collaboration Assurance | 6.1 | - | 2017-02-22 |
| CVE-2017-6095 | WordPress Mail Masta SQL注入漏洞 — n/a | 9.8 | - | 2017-02-21 |
| CVE-2017-5344 | dotCMS SQL注入漏洞 — n/a | 9.8 | - | 2017-02-17 |
| CVE-2016-8361 | Lynxspring JENEsys BAS Bridge 安全漏洞 — Lynxspring JENEsys BAS Bridge 1.1.8 and older | 9.4 | - | 2017-02-13 |
| CVE-2016-9357 | 多款Eaton ePDUs产品路径遍历漏洞 — Eaton ePDU EoL devices | 5.3 | - | 2017-02-13 |
| CVE-2016-9363 | 多款Moxa Nport产品缓冲区溢出漏洞 — Moxa NPort | 8.4 | - | 2017-02-13 |
| CVE-2016-9369 | 多款Moxa Nport产品安全漏洞 — Moxa NPort | 8.4 | - | 2017-02-13 |
| CVE-2017-5144 | Carlo Gavazzi Automation VMU-C EM和VMU-C PV 安全漏洞 — Carlo Gavazzi VMU-C EM and VMU-C PV | 9.8 | - | 2017-02-13 |
| CVE-2017-5163 | Belden Hirschmann GECKO Lite Managed Switch 信息泄露漏洞 — Belden Hirschmann GECKO 2.0.00 and prior | 5.9 | - | 2017-02-13 |
| CVE-2017-3813 | Cisco AnyConnect Secure Mobility Client Software for Windows 授权问题漏洞 — Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.CWE-264 | 7.1 | - | 2017-02-09 |
| CVE-2016-9005 | IBM TS3100和TS3200 Tape库安全漏洞 — System Storage | 9.8 | - | 2017-02-08 |
Vulnerabilities classified as access:pre-auth represent 19242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.