137 matches found
CVE-2024-51051
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account...
CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895...
CVE-2024-22355
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781...
PT-2024-2064 · Hitron · Coda-4589 +1
Name of the Vulnerable Software and Affected Versions: Hitron CODA-4582 and CODA-4589 devices affected versions not specified Description: The issue is related to insufficient entropy due to the use of default PSKs, which are generated from 5-digit hex values concatenated with a "Hitron" substrin...
IBM Security Access Manager Container Security Vulnerability
IBM Security Access Manager Container is a containerized identity and access management solution from International Business Machines IBM. A security vulnerability exists in IBM Security Access Manager Container that stems from not requiring docker images to have strong passwords by default, whic...
Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials Vulnerability
Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page:...
CVE-2023-27746
CVE-2023-27746 affects BlackVue DR750-2CH LTE (v.1.012_2022.10.26). The issue is a weak default passphrase that can be cracked via brute force if the WPA2 handshake is intercepted, enabling unauthorized access. Exploitation status is not provided in the documents. Remediation guidance is present ...
CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key...
Contract Management System 授权问题漏洞
Contract Management System is a contract management system. It enables companies to create new contracts and track the status of existing contracts to ensure that employees, vendors, and customers meet defined requirements. A security vulnerability exists in Contract Management System version v2....
PT-2022-22628 · Unknown · Contract Management System
Name of the Vulnerable Software and Affected Versions: Contract Management System version 2.0 Description: The issue is related to a weak default password in the Contract Management System, which allows attackers to access database connection information. Recommendations: For Contract Management...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM USA. IBM Robotic Process Automation versions 21.0.0, 21.0.1 and 21.0.2 have a security vulnerability that stems from the fact that users are not required to have strong passwords by default, which can be exploited by...
CVE-2022-35280
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634...
CVE-2022-29729
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...
Lenovo Personal Cloud Storage 信任管理问题漏洞
Lenovo Personal Cloud Storage Lenovo Personal Cloud Storage is a personal cloud storage from Lenovo China.Lenovo Personal Cloud Storage is vulnerable to a trust management issue, which stems from a weak default administrator password for the web interface and serial port, which could be exploited...
PT-2022-11704 · Lenovo · Lenovo Personal Cloud Storage
Name of the Vulnerable Software and Affected Versions: Lenovo Personal Cloud Storage devices affected versions not specified Description: A weak default password for the serial port was reported, which could allow unauthorized device access to an attacker with physical access. Recommendations: At...
Lenovo Personal Cloud Storage 授权问题漏洞
Lenovo Personal Cloud Storage is a cloud storage platform from Lenovo, a Chinese company. Lenovo Personal Cloud Storage is vulnerable to a trust management issue that stems from a weak default password for the serial port in the device, which could be exploited by an attacker to gain physical...
CVE-2021-43799 RabbitMQ exposes ports with weak default secrets in Zulip Server
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...
CVE-2021-43044
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community...
CVE-2021-43044
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community...
Default credentials
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community...