Lucene search
K

8 matches found

Snyk
Snyk
added 2026/06/18 12:20 a.m.8 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...

5.7CVSS5.9AI score0.00065EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 11:17 p.m.15 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:57 p.m.56 views

CVE-2026-50267

CVE-2026-50267 affects Steeltoe Configuration Abstractions (versions 4.0.0–4.1.0). When MySQL/PostgreSQL service bindings from VCAP_SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in Path.GetTempPath() via File.CreateText. On Linux, crea...

4.7CVSS5.2AI score0.00065EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 9:57 p.m.4 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS6AI score0.00065EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

HCL BigFix IVR 安全漏洞

HCL BigFix IVR is a vulnerability fixing tool from HCL India. A security vulnerability exists in HCL BigFix IVR version 4.2, which stems from improperly configured service bindings for internal service components, which could result in compromised service availability...

4.9CVSS6.7AI score0.00312EPSS
Exploits0References1
Prion
Prion
added 2018/02/14 12:29 p.m.19 views

Authorization

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space...

4CVSS6.4AI score0.01189EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/02/14 12:29 p.m.8 views

CVE-2018-2374

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space...

6.5CVSS5.8AI score0.01189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/02/14 12:0 a.m.9 views

PT-2018-15507 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: A controller user with SpaceAuditor authorization in a specific space could retrieve sensitive application data, such as service bindings, within that space. Recommendations: For...

6.5CVSS6.4AI score0.01189EPSS
Exploits0References5
Rows per page
Query Builder