Show CWE-319: Cleartext Transmission of Sensitive Information - CXSecurity.com

	Topic	Date	Author
Med.	Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities	13.01.2020	m0ze
High	Across DR-810 ROM-0 - Backup File Disclosure	12.01.2019	SajjadBnz
Med.	MensaMax 4.3 Hardcoded Encryption Key Disclosure	02.10.2018	Stefan Pietsch
Med.	Trend Micro ServerProtect Disclosure / CSRF / XSS	26.05.2017	Multiple
Med.	QNAP QTS 4.2.x XSS / Command Injection / Transport Issues	18.02.2017	Harry Sintonen
Med.	Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle	20.01.2016	Core
Med.	ElasticSearch Cloud-Azure Insecure Transit	20.09.2015	Pedro Andujar

CVEMAP Search Results

CVE

Details

Description

2021-01-07

Low

CVE-2020-4893

Vendor: IBM
Software: Emptoris str...

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

2021-01-05

Medium

CVE-2020-4899

Vendor: IBM
Software: Api connect

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

2020-12-31

Medium

CVE-2018-19944

Vendor: QNAP
Software: QTS

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)

2020-12-23

Medium	CVE-2020-25190	Updating...	The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
Medium	CVE-2020-11718	Vendor: Bilanc Software: Bilanc	An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.

2020-12-18

Low

CVE-2020-13528

Updating...

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

2020-12-16

Medium

CVE-2020-14248

Vendor: Hcltech
Software: Bigfix platform

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

2020-11-30

Low

CVE-2020-27586

Vendor: Quickheal
Software: Total security

Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.

2020-11-29

Low

CVE-2020-29380

Updating...

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

2020-11-24

Low

CVE-2020-29055

Updating...

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

Copyright 2021, cxsecurity.com