93 matches found
HCL BigFix Platform 安全漏洞
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that stems from the...
PT-2024-19948
Name of the Vulnerable Software and Affected Versions Client Deploy Tool affected versions not specified Description An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Recommendations At the moment...
CVE-2024-22345
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...
IBM TXSeries for Multiplatforms 安全漏洞
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines IBM designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 8.2 that...
CVE-2023-48427
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...
CVE-2023-48427
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...
CVE-2023-48427
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...
CVE-2023-48427
Siemens SINEC INS (all versions
Siemens SINEC INS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC INS 信任管理问题漏洞
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from a Certificate Validation Improperity...
PT-2023-29497 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue concerns the use of the HTTP protocol instead of HTTPS to retrieve sensitive information, including IP addresses and credentials for a remote MQTT broker entity...
CVE-2022-36182
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...
Hashicorp Boundary 安全漏洞
HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates identity-based secure user access to hosts and services across environments. A security vulnerability exists in versions of Hashicorp Boundary prior to 0.9.1, which can be exploited by an attacker to...
The vulnerability of the microprogrammed software of Modicon M241 and Modicon M251 control units lies in the insufficient protection of registration data, allowing attackers to intercept login credentials and access the web application.
The vulnerability of the microprogrammed logic controllers Modicon M241 and Modicon M251 is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to intercept login credentials and gain access to the web application...
CVE-2022-0162
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perfo...
Tp-link TL-WR841N 安全漏洞
The Tp-link TL-WR841N is a wireless router from China P&L Tp-link. The Tp-link TL-WR841N is vulnerable to a trust management issue, which can be exploited by a remote attacker to intercept credentials and subsequently perform management operations on an affected device via the web-based managemen...
CVE-2021-45735
TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...
CVE-2021-45735
TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...
TotoLink X5000R 授权问题漏洞
The TotoLink X5000R is a router from China's Gion Electronics TotoLink. The TOTOLINK X5000R v9.1.0u.6118B20201102 suffers from an authorization issue vulnerability that allows attackers to intercept user credentials via packet capture software...
activemq: improper authentication allows MITM attack
Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...