152 matches found
Copeland E3 Supervisory Control 安全漏洞
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from client-side hash authentication and could lead to authentication via password hashing...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
CVE-2025-48925
The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...
CVE-2025-48925
The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
CVE-2021-35193
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This provides remote access to SQL database credentials. In the normal use of the product, retrieving those...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
CVE-2020-25251
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...
CVE-2025-24517
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...
CVE-2025-24517
CVE-2025-24517 affects CHOCO TEI WATCHER mini (IB-MCT001) all versions, with a use of client-side authentication vulnerability (CWE-603). A remote attacker could obtain the product login password without authentication, per multiple sources. The connected documents confirm the issue and its impac...
CVE-2025-24517
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...
CVE-2025-24517
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...
PT-2025-13437 · Unknown · Choco Tei Watcher Mini
Name of the Vulnerable Software and Affected Versions: CHOCO TEI WATCHER mini IB-MCT001 all versions Description: A use of client-side authentication issue exists, allowing a remote attacker to obtain the product login password without authentication if exploited. Recommendations: For CHOCO TEI...
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
Incorrect Access Control
oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...
Oqtane Framework Incorrect Access Control vulnerability
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
PT-2024-10737 · Alecto +5 · Alecto Ivm-100 +6
Name of the Vulnerable Software and Affected Versions: Alecto IVM-100 2019-11-12 Tk-star nan affected versions not specified Svakom Nan affected versions not specified Alecto nan affected versions not specified Loven nan affected versions not specified Sannce products affected versions not...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...