CWE:
 

Topic
Date
Author
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2022-05-11
Medium
CVE-2022-28214

Vendor: SAP
Software: Businessobje...
 

 

 
2022-05-09
Low
CVE-2022-28162

Vendor: Broadcom
Software: Sannav
 

 
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

 
2022-04-19
Low
CVE-2021-39078

Updating...
 

 
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.

 
2022-04-11
Low
CVE-2022-0835

Vendor: Aveva
Software: System platform
 

 
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

 
2022-04-01
Medium
CVE-2022-25158

Updating...
 

 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.

 
Low
CVE-2022-25160

Updating...
 

 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system.

 
2022-03-28
Low
CVE-2021-45491

Vendor: 3CX
Software: 3CX
 

 
3CX System through 2022-03-17 stores cleartext passwords in a database.

 
2022-03-21
Medium
CVE-2022-26148

Vendor: Grafana
Software: Grafana
 

 
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.

 
2022-03-10
Low
CVE-2022-26778

Vendor: Veritas
Software: System recovery
 

 
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

 
2022-03-04
Low
CVE-2021-43590

Vendor: DELL
Software: Enterprise s...
 

 
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top