PT-2025-6247 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.3 Ivanti Policy Secure versions prior to 22.7R1.3 Description: A hardcoded key in the software allows a local authenticated attacker with admin privileges to read sensitive data. Recommendations:...

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVE-2024-53522

CVE-2024-53522 affects Bangkok Medical Software HOSxP XE v4.64.11.3, with a root cause described as a hardcoded IDEA Key-IV pair in HOSxPXE4.exe and HOS-WIN32.INI components. This leakage enables attackers to access sensitive information. Multiple sources (NVD, Red Hat, CNNVD, CVE listings) confi...

CVE-2024-53522

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information...

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

EUVD-2024-52808

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

PT-2024-39758 · Unknown · Dlp Extension

Name of the Vulnerable Software and Affected Versions: DLP Extension version 11.11.1.3 Description: A hardcoded cryptographic key vulnerability existed in DLP Extension, allowing the decryption of previously encrypted user credentials. Recommendations: For DLP Extension version 11.11.1.3, update ...

CVE-2024-55557

CVE-2024-55557 affects Weasis 4.5.1 (weasis-core) via ui/pref/ProxyPrefView.java, where a hardcoded key for symmetric encryption of proxy credentials is used. This creates a risk of credential exposure if the key is revealed or misused. The description is supported by OSV/NVD/NVD records and link...

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

PT-2024-36553 · Weasis · Weasis

Name of the Vulnerable Software and Affected Versions: Weasis version 4.5.1 Description: The issue concerns a hardcoded key for symmetric encryption of proxy credentials in the ui/pref/ProxyPrefView.java file within the weasis-core component of Weasis. This hardcoded key is used for the symmetric...

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVE-2024-11308

The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...

CVE-2024-11308 TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVE-2024-11308 TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

PT-2024-16899 · Trcore · Dvc

Name of the Vulnerable Software and Affected Versions: DVC from TRCore affected versions not specified Description: The issue concerns the use of a hardcoded key for file encryption in the DVC from TRCore. This hardcoded key can be exploited by attackers to decrypt the files and restore their...

CVE-2024-40410

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption...

PT-2024-28835 · Cybele · Thinfinity Workspace

Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: The issue concerns a hardcoded cryptographic key used for encryption. This key is embedded in the software, potentially allowing unauthorized access or exploitation...