3 matches found
CVE-2019-13022
Bond JetSelect (all versions) has a vulnerability in ENCtool.jar password generation where the plaintext password is XORed into an “encrypted” value stored in the database, making the initial admin passwords trivially reversible and enabling privilege escalation to modify/delete networking config...
CVE-2019-13021
Bond JetSelect (all versions) stores administrator passwords in an unprotected filesystem file (/opt/JetSelect/SFC/resources/sfc-general-properties), instead of encrypting them in the database. The passwords are created via ENCtool.jar during installation and backed up by the installer, enablin...
CVE-2019-13023
Bond JetSelect (all versions) exposes credentials through the web UI: RADIUS secrets, WPA passwords, and SNMP strings hidden with HTML password-field obfuscation can be revealed by using browser Dev Tools to modify the obfuscation. The root cause is client-side password masking rather than server...