Lucene search
K

360 matches found

OSV
OSV
added 2024/12/19 9:31 p.m.22 views

GHSA-RV83-H68Q-C4WQ GoPhish sends cleartext passwords

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7.5AI score0.00358EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/19 12:44 a.m.27 views

CVE-2022-33954 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials...

4.6CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2024/11/22 2:15 a.m.17 views

CVE-2024-47142

AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations...

5.5CVSS0.00252EPSS
Exploits0References3
CVE
CVE
added 2024/11/22 12:14 a.m.54 views

CVE-2024-47142

The CVE-2024-47142 issue affects AIPHONE IXG SYSTEM and IXG-2C7/IXG-2C7-L firmware earlier than 2.03, due to insufficiently protected credentials (CWE-522). A network-adjacent authenticated attacker may perform unintended operations. Affected firmware: IXG-2C7 and IXG-2C7-L versions 2.03 and earl...

5.5CVSS6.8AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/22 12:14 a.m.22 views

CVE-2024-47142

AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations...

5.5CVSS0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/22 12:14 a.m.18 views

CVE-2024-47142

AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations...

5.5CVSS6.8AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/22 12:11 a.m.31 views

CVE-2024-39290

Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book...

6.5CVSS0.00366EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.9 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.9AI score0.00424EPSS
Exploits1References2
CVE
CVE
added 2024/11/04 12:0 a.m.67 views

CVE-2024-34885

The CVE-2024-34885 entry concerns Bitrix24 (1C-Bitrix Bitrix24) version 23.300.100, where credentials in SMTP server settings are insufficiently protected. The underlying issue allows remote administrators to read SMTP account passwords via an HTTP GET request. The vulnerability impacts confident...

6.8CVSS6.6AI score0.00424EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.22 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

7.2AI score0.00339EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/22 9:19 p.m.25 views

CVE-2024-43812 Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials

Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system...

8.6CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/10/20 12:15 p.m.30 views

CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS0.83178EPSS
Exploits7References1
Cvelist
Cvelist
added 2024/10/20 11:26 a.m.54 views

CVE-2024-44000 WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS0.83178EPSS
Exploits7References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 12:0 a.m.28 views

JVN#41397971: Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0...

8CVSS8.2AI score0.01077EPSS
Exploits0
Cvelist
Cvelist
added 2024/10/17 6:13 p.m.17 views

CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

8.2CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/17 4:12 p.m.16 views

CVE-2024-49396 Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100

The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...

8.7CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 4:12 p.m.45 views

CVE-2024-49396

CVE-2024-49396 affects Elvaco M-Bus Metering Gateway CMe3100 (version 1.12.1). The flaw is insufficiently protected credentials, enabling an attacker to impersonate Elvaco and send false information. Public documentation from CISA/ICSA notes remote exploitation with low attack complexity and prov...

8.7CVSS6.5AI score0.00371EPSS
Exploits0References1
ICS
ICS
added 2024/10/17 6:0 a.m.16 views

Kieback&Peter DDC4000 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kieback&Peter Equipment : DDC4000 Series Vulnerabilities : Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS8.3AI score0.00639EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-33506 · Elvaco · Elvaco

Name of the Vulnerable Software and Affected Versions: Elvaco affected versions not specified Description: The issue arises from insufficiently protected credentials, potentially allowing an attacker to impersonate Elvaco and send false information. Recommendations: At the moment, there is no...

8.7CVSS6.9AI score0.00371EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/11 11:27 p.m.19 views

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS0.00271EPSS
Exploits0References1
Rows per page
Query Builder