358 matches found
Security Bulletin: IBM CICS TX Standard is vulnerable to allowing access to a user's web browser session due to insufficiently protected credentials (CVE-2022-34311).
Summary: IBM CICS TX Standard could allow access to a user's web browser session due to insufficiently protected credentials. The fix removes this vulnerability (CVE-2022-34311) from IBM CICS TX Standard. Vulnerability Details: CVEID: CVE-2022-34311 DESCRIPTION: IBM CICS TX could allow a user with...
CVE-2022-32520
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert Versions prior to V7.9.0...
CVE-2022-32518
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert Versions prior to V7.9.0...
CVE-2022-32520
The CVE-2022-32520 entry affects Schneider Electric Data Center Expert before version 7.9.0. It describes a CWE-522 vulnerability (insufficiently protected credentials) that could allow a malicious remote actor to gain unauthorized access to a DCE instance over a network. The connected sources co...
Debian DSA-5330-1 : curl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5330 advisory. Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure. F...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php...
CVE-2022-43959
The CVE-2022-43959 entry concerns 1C-Bitrix Bitrix24 (through version 22.200.200) with an issue in AD/LDAP server settings where credentials are insufficiently protected. The root cause is exposure of an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit....
CVE-2021-36204
The CVE-2021-36204 vulnerability affects Johnson Controls Metasys ADS/ADX/OAS Servers: versions 10.x prior to 10.1.6 and 11.x prior to 11.0.3. Root cause is Insufficiently Protected Credentials, allowing API calls to expose plaintext credentials. Impact is high (confidentiality and total impact o...
CVE-2021-36204 Insufficiently Protected Credentials in Metasys
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...
CVE-2016-15014 CESNET theme-cesnet resetpassword.php insufficiently protected credentials
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials...
Design/Logic Flaw
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
CVE-2022-4612 Click Studios Passwordstate insufficiently protected credentials
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
HCL BigFix Multiple Vulnerabilities (KB0098998)
The version of HCL BigFix Client installed on the remote host is affected by multiple vulnerabilities, including the following: - An improper authentication vulnerability exists in the curl subcomponent which might allow reuse of OAUTH2-authenticated connections without properly making sure that the...
CVE-2022-29839
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...
CVE-2022-29839
CVE-2022-29839 concerns Western Digital My Cloud devices with Linux, prior to version 5.25.124. The issue is an Insufficiently Protected Credentials vulnerability in the remote backups application; if an attacker gains access to a relevant endpoint, they may use exposed credentials to access prot...
PT-2022-19869 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 5.25.124 on Linux. Description: The issue is related to an Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices. This could allow a...
CVE-2022-29839 Remote Backups Application Discloses Stored Credentials
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users ...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access MELSEC safety CPU modules illegally...