323 matches found
CVE-2025-33079
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
CVE-2025-33079
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
CVE-2025-33079
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
CVE-2025-33079 IBM Controller information disclosure
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
CVE-2025-33079
Summary of CVE-2025-33079 (IBM Controller information disclosure) Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1). Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...
CVE-2025-33079 IBM Controller information disclosure
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
Security Bulletin: IBM Controller has addressed a security vulnerability (CVE-2025-33079)
Summary IBM Controller has addressed a security vulnerability that could allow an authenticated user to obtain sensitive credentials. This Security Bulletin relates only to the direct usage of third-party components by IBM Controller and not any nested dependencies within the product. Vulnerabili...
PT-2025-22887 · Ibm · Ibm Controller
Name of the Vulnerable Software and Affected Versions: IBM Controller versions 11.0.0 through 11.1.0 Description: The issue allows an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. Recommendations: For versions 11.0.0 through 11.1.0,...
CVE-2024-6749
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. Axis has released...
CVE-2023-27871
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...
CVE-2023-28514
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2021-21361
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
CVE-2018-10676
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI...
ROS-20250424-05
Vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of the of service data. Exploitation of the vulnerability could allow an attacker acting remotely to access credentials with HTTP redirection to another resource. access to credentials...
CVE-2025-43928
In Infodraw Media Relay Service MRS 7.1.0.0, the MRS web server on port 12654 allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing...
CVE-2025-32021
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
CVE-2024-7577
IBM InfoSphere Information Server 11.7 is affected by CVE-2024-7577, an information disclosure vulnerability that can expose sensitive user credentials from log files during a fresh installation. The IBM bulletin confirms affected product/version: InfoSphere Information Server 11.7, with remediat...
PT-2025-13597 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue could disclose sensitive user credentials from log files during the new installation of the product. Recommendations: For IBM InfoSphere Information Server version 11.7,...
IBM InfoSphere Information Server 日志信息泄露漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7, which stems...