42 matches found
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15621
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection
Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098
CVE-2026-42098 affects Sparx Enterprise Architect. An authenticated attacker can modify the client behavior (e.g., via debugger) to log in as another user or administrator, enabling “every possible change” to the repository. Affected/testing: only version 17.1 and below have been tested and confi...
CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
EUVD-2026-30930
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
Sparx Enterprise Architect 安全漏洞
Sparx Enterprise Architect is a modeling and design tool developed by the Australian company Sparx. Versions of Sparx Enterprise Architect prior to 17.1 contained security vulnerabilities. These vulnerabilities stemmed from security features that restricted user actions. Authorized attackers coul...
PT-2026-41894
Name of the Vulnerable Software and Affected Versions Sparx Enterprise Architect versions 17.1 and earlier Description A security feature intended to limit user actions based on assigned roles can be bypassed. An authenticated attacker can modify the client behavior, for example by using a...
EUVD-2025-209514
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...
EUVD-2025-209512
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15624
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...
CVE-2025-15622
The CVE-2025-15622 vectors/auth flow involve Sparx Systems Pty Ltd. Sparx Enterprise Architect desktop client exposing a plaintext OAuth2 client secret, which the client decodes and uses to exchange for access and ID tokens in the OpenID authentication flow. This is described as an Insufficiently...
CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...