CVE-2025-1499
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user...
CVE-2025-1499 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user...
CVE-2025-1499
Summary: CVE-2025-1499 affects IBM InfoSphere Information Server 11.7. The root cause is the explicit storage of credential information for database authentication in a cleartext parameter file, which can be viewed by an authenticated user, leading to potential information disclosure. The issue ...
PT-2025-23422 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the storage of credential information for database authentication in a cleartext parameter file. This file could be viewed by an authenticated user, potentially...
CVE-2022-24776
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
Flask-AppBuilder Observable Response Discrepancy
Impact User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. Patches Upgrade to flask-appbuilder=4.5.3 Workarounds Downgrade...
Flask-AppBuilder Observable Response Discrepancy
User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login...
CVE-2024-25649
In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...
GHSA-9HCR-9HCV-X6PV Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Impact Lack of rate limiting will allow an attacker to brute-force user credentials. Patches Ability to enable rate limiting on Flask-AppBuilder = 4.3.0. Use AUTH_RATE_LIMITED = True and RATELIMIT_ENABLED = True, and set the limit itself by using AUTH_RATE_LIMIT. Will apply only to database authentication...
PT-2022-28185 · Unknown · Redwood Dbauth
Name of the Vulnerable Software and Affected Versions: Redwood dbAuth versions 0.38.0 through 3.3.0 Redwood dbAuth versions 0.38.0 through 2.2.4 Description: This issue affects the dbAuth "forgot password" feature in Redwood, allowing a malicious user to obtain a reset token for any user given...
Arbitrary File Read
moodle/moodle is vulnerable to information disclosure. The vulnerability exists in the tempdir parameter in latex.php due to a lack of validation in external database authentication which allows an attacker to gain access to the files and read sensitive information...
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability...
CVE-2022-31011
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
GHSA-2CCW-7PX8-VMPF Open Redirect in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...
Open Redirect
flaskappbuilder is vulnerable to open redirect. The library doesn't properly validate the next url logic for OAuth, OID and DB in the database authentication login page which allows an attacker to inject a malicious URL through to the system...