1110 matches found

ATTACKERKB
added 2023/07/10 1:2 a.m. · 2 views

CVE-2023-37286

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

CVSS 9.8 · AI score 7.8 · EPSS 0.00838
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2023/07/10 1:2 a.m. · 2 views

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

CVSS 9.1 · AI score 7.5 · EPSS 0.00716
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/07/10 12:0 a.m. · 6 views

PT-2023-25884

Name of the Vulnerable Software and Affected Versions: SmartBPM.NET affected versions not specified Description: The issue is related to the use of a hard-coded authentication key. An unauthenticated remote attacker can exploit this to access the system with regular user privilege, allowing them to...

CVSS 9.1 · AI score 7.5 · EPSS 0.00716
Exploits 0 · References 6
OSV
added 2023/07/05 7:15 p.m. · 1 view

CVE-2023-34338

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2023/07/05 12:0 a.m. · 3 views

PT-2023-24823 · Ami · Ami Spx

Name of the Vulnerable Software and Affected Versions: AMI SPx affected versions not specified Description: The issue is related to a hard-coded cryptographic key used by a hard-coded certificate in the BMC of AMI SPx. This could lead to a loss of confidentiality, integrity, and availability if...

CVSS 9.8 · AI score 9.1 · EPSS 0.00249
Exploits 0 · References 4
Japan Vulnerability Notes
added 2023/06/30 6:6 a.m. · 2 views

"NewsPicks" App uses a hard-coded API key for an external service

Overview: "NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service (CWE-798). Sunagawa Masanori of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS 5.5 · AI score 6.4 · EPSS 0.00163
Exploits 0 · References 6
The Hacker News
added 2023/06/22 10:17 a.m. · 6 views

Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites

A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically...

CVSS 9.8 · AI score 6.8 · EPSS 0.43502
Exploits 8
OSV
added 2023/06/13 9:15 p.m. · 1 view

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

CVSS 8.2 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

Rockwell Automation FactoryTalk Services Platform Trust Management Issue Vulnerability

Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...

CVSS 8.2 · AI score 7.7 · EPSS 0.00203
Exploits 0 · References 2
CNNVD
added 2023/06/02 12:0 a.m. · 2 views

Hitron Technologies CODA Trust Management Issue Vulnerability

Hitron Technologies CODA is a wireless router from Hitron Technologies China. The Hitron Technologies CODA suffers from a trust management issue vulnerability that arises from a hard-coded encryption or decryption key in program code. A remote attacker could use the hard-coded key to decrypt syst...

CVSS 7.2 · AI score 7.2 · EPSS 0.0051
Exploits 0 · References 2
Cvelist
added 2023/06/02 12:0 a.m. · 17 views

CVE-2022-47617 Hitron Technologies Inc. CODA-5310 - Hard-coded Cryptographic Key

Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption...

CVSS 7.2 · AI score 7.2 · EPSS 0.0051
Exploits 0 · References 1
ATTACKERKB
added 2023/06/01 2:15 a.m. · 1 view

CVE-2023-28937

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...

CVSS 8.8 · AI score 5.9 · EPSS 0.00812
Exploits 0 · References 9 · Affected Software 1
OSV
added 2023/06/01 2:15 a.m. · 1 view

CVE-2023-28937

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...

CVSS 8.8 · AI score 5.8 · EPSS 0.00812
Exploits 0 · References 8
Vulnrichment
added 2023/06/01 12:0 a.m. · 8 views

CVE-2023-28937

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...

AI score 7 · EPSS 0.00812
Exploits 0 · References 8
Positive Technologies
added 2023/06/01 12:0 a.m. · 4 views

PT-2023-22047 · Unknown · Scriptrunner For Amazon Sqs +2

Name of the Vulnerable Software and Affected Versions: DataSpider Servista versions 4.4 and earlier Description: The issue concerns the use of a hard-coded cryptographic key in DataSpider Servista, which is data integration software. This key is embedded in ScriptRunner and ScriptRunner for Amazo...

CVSS 8.8 · AI score 6.8 · EPSS 0.00812
Exploits 0 · References 10
Japan Vulnerability Notes
added 2023/05/31 6:34 a.m. · 2 views

DataSpider Servista uses a hard-coded cryptographic key

Overview: DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazo...

CVSS 8.8 · AI score 6.8 · EPSS 0.00812
Exploits 0 · References 11
OSV
added 2023/05/23 2:15 a.m. · 2 views

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

CVSS 6.5 · AI score 6 · EPSS 0.00279
Exploits 0 · References 2
Vulnrichment
added 2023/05/23 12:0 a.m. · 8 views

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

AI score 6.4 · EPSS 0.00279
Exploits 0 · References 2
Positive Technologies
added 2023/05/23 12:0 a.m. · 2 views

PT-2023-21421 · Jins · Jins Meme Core Firmware

Name of the Vulnerable Software and Affected Versions: JINS MEME CORE Firmware versions 2.2.0 and earlier Description: The issue is related to a hard-coded cryptographic key used in the firmware, which may allow a network-adjacent attacker to decrypt data acquired by a sensor of the affected...

CVSS 6.5 · AI score 6.8 · EPSS 0.00279
Exploits 0 · References 5
Positive Technologies
added 2023/05/17 12:0 a.m. · 3 views

PT-2023-2872 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the TokenUtils class and results from a hard-coded cryptographic...

CVSS 9.8 · AI score 9.7 · EPSS 0.51394
Exploits 0 · References 7