Lucene search
K

144 matches found

BDU FSTEC
BDU FSTEC
added 2024/09/16 12:0 a.m.7 views

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security involve unencrypted storage of user credentials, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to the unencrypted storage of user credentials. Exploiting these vulnerabilities can allow attackers operating remotely to gai...

6.2CVSS6.4AI score0.0012EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/07/26 12:15 p.m.26 views

CVE-2024-41688

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the...

7CVSS0.00111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/07 2:23 p.m.15 views

CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 was discovered to store credentials in plaintext...

8.8AI score0.00349EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.5 views

IBM Cloud Pak for Data Security Vulnerability

IBM Cloud Pak for Data is a cloud-native solution from International Business Machines IBM that allows customers to use data and analyze it quickly and efficiently. A security vulnerability exists in IBM Cloud Pak for Data that stems from DataStage storing sensitive credential information that ca...

4.9CVSS6.3AI score0.00589EPSS
Exploits0References3
Prion
Prion
added 2024/01/09 9:15 a.m.13 views

Command injection

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

1.7CVSS6.8AI score0.00293EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2024/01/09 12:0 a.m.1 views

Unprotected Storage of Credentials

Overview Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...

8.7CVSS7.7AI score0.0118EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.5 views

Genie Aladdin Connect Mobile Application Security Vulnerability

Genie Aladdin Connect Mobile Application is a garage door opener control software from Genie. A security vulnerability exists in Genie Aladdin Connect Mobile Application 5.65 Build 2075 and prior versions, which stems from the fact that a user's product account authentication data is stored in...

6.8CVSS6.9AI score0.00419EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.3 views

PT-2023-7769 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the storage of credentials in plaintext, which could allow an attacker to gain unauthorized access to credentials for third-party hosts from encrypted Ansible file...

6.5CVSS6.7AI score
Exploits0References4
NVD
NVD
added 2023/09/18 9:16 p.m.30 views

CVE-2023-39452

The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application...

7.5CVSS7.6AI score0.00498EPSS
Exploits0References1
CVE
CVE
added 2023/09/18 8:1 p.m.41 views

CVE-2023-39452

CVE-2023-39452 affects Socomec MODULYS GP (MOD3GP-SY-120K) web interface. Public documents identify plaintext storage of passwords in the user management section and remote credential exposure due to improper session handling. Affected product details cited by CISA ICS advisory (MODULYS GP-SY-120...

7.5CVSS7.6AI score0.00498EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.5 views

PT-2023-5301 · Unknown · Modulys Gp

Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K affected versions not specified Description: The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the...

7.8CVSS7AI score0.00498EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2023/03/13 8:43 a.m.26 views

CVE-2023-27902

A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a...

4.3CVSS5AI score0.00745EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.2 views

Simmeth System Supplier Manager 授权问题漏洞

Simmeth System Supplier Manager, a supply chain software from Simmeth System, Germany, is vulnerable to a session management error in versions prior to Simmeth System Supplier Manager 5.6. The vulnerability stems from credentials not being cleared from local storage after logging out, which could...

7.5CVSS6.5AI score0.0072EPSS
Exploits3References4
BDU FSTEC
BDU FSTEC
added 2022/11/02 12:0 a.m.4 views

The vulnerability of the IBM Host Access Transformation Services (HATS) software, developed by IBM Host Access Beans, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the IBM Host Access Transformation Services HATS software, developed by IBM Host Access Beans, is related to the unencrypted storage of user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.2CVSS5.5AI score0.00166EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:15 p.m.6 views

CVE-2022-22983

VMware Workstation 16.x prior to 16.2.4 contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware...

5.9CVSS6.3AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00569EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:10 p.m.21 views

GHSA-4FJC-FWJ2-7XFG Credentials transmitted in plain text by Repository Connector Plugin

Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...

3.1CVSS5AI score0.00614EPSS
Exploits0References4
Prion
Prion
added 2022/05/19 2:15 p.m.18 views

Design/Logic Flaw

Mobotix Control Center MxCC through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access...

6.5CVSS8.7AI score0.01002EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/02/09 3:17 p.m.52 views

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

7.6AI score0.0016EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/06 12:0 a.m.6 views

CVE-2022-22554

Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords...

8.2CVSS6AI score0.002EPSS
Exploits0References2
Rows per page
Query Builder