The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.
6.7CVSS
6.3AI Score
0.0004EPSS
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.
7.5CVSS
7.6AI Score
0.003EPSS