Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-18254

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-29 Jun, 2020 | 13:56
Updated At-05 Aug, 2024 | 01:47
Rejected At-
Credits

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:29 Jun, 2020 | 13:56
Updated At:05 Aug, 2024 | 01:47
Rejected At:
▼CVE Numbering Authority (CNA)

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Affected Products
Vendor
n/a
Product
BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM
Versions
Affected
  • CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20
Problem Types
TypeCWE IDDescription
CWECWE-311MISSING ENCRYPTION OF SENSITIVE DATA CWE-311
Type: CWE
CWE ID: CWE-311
Description: MISSING ENCRYPTION OF SENSITIVE DATA CWE-311
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-170-05
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-170-05
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:29 Jun, 2020 | 14:15
Updated At:29 Oct, 2021 | 19:14

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
biotronik
biotronik
>>cardiomessenger_ii-s_gsm_firmware>>2.20
cpe:2.3:o:biotronik:cardiomessenger_ii-s_gsm_firmware:2.20:*:*:*:*:*:*:*
biotronik
biotronik
>>cardiomessenger_ii-s_gsm>>-
cpe:2.3:h:biotronik:cardiomessenger_ii-s_gsm:-:*:*:*:*:*:*:*
biotronik
biotronik
>>cardiomessenger_ii-s_t-line_firmware>>2.20
cpe:2.3:o:biotronik:cardiomessenger_ii-s_t-line_firmware:2.20:*:*:*:*:*:*:*
biotronik
biotronik
>>cardiomessenger_ii-s_t-line>>-
cpe:2.3:h:biotronik:cardiomessenger_ii-s_t-line:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-312Primarynvd@nist.gov
CWE-311Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-312
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-311
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-170-05
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

128Records found
CVE-2019-18256
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:56
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.

Action-Not Available
Vendor-biotronikn/a
Product-cardiomessenger_ii-s_gsmcardiomessenger_ii-s_gsm_firmwarecardiomessenger_ii-s_t-linecardiomessenger_ii-s_t-line_firmwareBIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-19009
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.28%
||
7 Day CHG~0.00%
Published-25 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.

Action-Not Available
Vendor-pilzPilz
Product-pnozmulti_configuratorPilz PNOZmulti Configurator
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-8849
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.26%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 13:00
Updated-27 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.

Action-Not Available
Vendor-medtronicMedtronic
Product-n\'vision_8840_firmwaren\'vision_8870_firmwaren\'vision_8870n\'vision_8840N'Vision Clinician Programmer8870 N’Vision removable Application Card
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-6674
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 5.15%
||
7 Day CHG~0.00%
Published-25 May, 2018 | 13:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-virusscan_enterprisewindows VirusScan Enterprise (VSE)
CWE ID-CWE-264
Not Available
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2021-28858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 21:51
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wpa4220_firmwaretl-wpa4220n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-41740
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 13.11%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:30
Updated-10 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.Microsoft Corporation
Product-openshiftwindowsrobotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-4847
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 9.54%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 16:00
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.

Action-Not Available
Vendor-Siemens AG
Product-simatic_wincc_oa_operatorSIMATIC WinCC OA Operator iOS App
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-1937
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 18:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2021-23182
Matching Score-4
Assigner-Gallagher Group Ltd.
ShareView Details
Matching Score-4
Assigner-Gallagher Group Ltd.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:46
Updated-03 Aug, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.

Action-Not Available
Vendor-Gallagher Group Ltd.
Product-command_centreCommand Centre
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-19279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 20:00
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.

Action-Not Available
Vendor-primxn/aMicrosoft Corporation
Product-zonecentralwindowsn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-20008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 9.13%
||
7 Day CHG~0.00%
Published-28 May, 2019 | 20:03
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

Action-Not Available
Vendor-iballn/a
Product-ib-wrb302n_firmwareib-wrb302nn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-1877
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4604
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 4.91%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-18984
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-14 Dec, 2018 | 15:00
Updated-22 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers Missing Encryption of Sensitive Data

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest .

Action-Not Available
Vendor-medtronicMedtronic
Product-carelink_2090_programmercarelink_2090_programmer_firmware29901_encore_programmer_firmwarecarelink_9790_programmer29901_encore_programmercarelink_9790_programmer_firmwareCareLink 9790 ProgrammerCareLink 2090 Programmer29901 Encore Programmer
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4884
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.27%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-20567
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-17489
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.05% / 15.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 19:47
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.

Action-Not Available
Vendor-hidglobalHID Global
Product-easylobby_soloEasyLobby Solo
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-16837
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.08%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 15:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Debian GNU/LinuxSUSE
Product-debian_linuxlinux_enterprisepackage_hubansible_engineansible_towerAnsible
CWE ID-CWE-214
Invocation of Process Using Visible Sensitive Information
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2020-4369
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-17499
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.05% / 15.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 19:47
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.

Action-Not Available
Vendor-envoyEnvoy
Product-passportEnvoy Passport for AndroidEnvoy Passport for iPhone
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-53651
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-11 Feb, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7SA87 (CP200)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7SD86 (CP200)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-16498
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 18:45
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

Action-Not Available
Vendor-n/aVersa Networks, Inc.
Product-versa_directorVersa Director
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-1621
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 5.12%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-7516
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 20:47
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.

Action-Not Available
Vendor-n/a
Product-easergy_builderEasergy Builder V1.4.7.2 and prior
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-12572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 18:20
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

Action-Not Available
Vendor-avastn/a
Product-free_antivirusn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4944
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 5.13%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-28345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 5.19%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-14 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.

Action-Not Available
Vendor-faronicsn/aMicrosoft Corporation
Product-windowsinsightn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4224
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.04% / 13.60%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 16:45
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-38280
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7||HIGH
EPSS-0.09% / 24.91%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 17:05
Updated-03 Oct, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.

Action-Not Available
Vendor-Motorola SolutionsmotorolasolutionsMotorola Mobility LLC. (Lenovo Group Limited)
Product-vigilant_fixed_lpr_coms_box_firmwarevigilant_fixed_lpr_coms_boxVigilant Fixed LPR Coms Box (BCAV1F2-C600)vigilant_fixed_lpr_coms_box
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-29868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 18:34
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

Action-Not Available
Vendor-1passwordn/a
Product-1passwordn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-35282
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-3.9||LOW
EPSS-0.12% / 31.42%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 14:37
Updated-14 Jan, 2026 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortiClientiOS
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2002-1696
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-21 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.

Action-Not Available
Vendor-pgpn/aMicrosoft Corporation
Product-personal_privacyoutlookn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-27549
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.67%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 20:25
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Launch could disclose sensitive database information to a local user in plain text.

HCL Launch may store certain data for recurring activities in a plain text format.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_launchHCL Launch
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-28162
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-3.3||LOW
EPSS-0.02% / 5.81%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-sannavBrocade SANNav
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4095
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6||MEDIUM
EPSS-0.03% / 6.70%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 18:27
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-bigfix_platform"HCL BigFix Platform"
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-25692
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 19:21
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

Action-Not Available
Vendor-teradicin/a
Product-pcoip_connection_manager_and_security_gatewayTeradici PCoIP Connection Manager and Security Gateway
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2017-8769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 5.38%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 06:13
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted

Action-Not Available
Vendor-n/aWhatsApp LLC
Product-whatsappn/a
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2020-36248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.9||LOW
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 07:00
Updated-26 Mar, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloud_clientn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-24120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-12 Apr, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

Action-Not Available
Vendor-gen/a
Product-inet_900_firmwaresd4sd9td220x_firmwaresd9_firmwareinet_ii_900sd1sd1_firmwaretd220maxinet_ii_900_firmwaresd2_firmwareinet_900sd4_firmwaretd220max_firmwaresd2td220xn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-3389
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:16
Updated-13 Nov, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx-series_softwareCisco HyperFlex HX Data Platform
CWE ID-CWE-310
Not Available
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-1938
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 18:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2020-35454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.27%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 14:58
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.

Action-Not Available
Vendor-taidiin/a
Product-diibearn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-23234
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.14%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:12
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-snapcenterSnapCenter
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22478
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Apple Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsspectrum_protect_clientmacosaixSpectrum Protect Client
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-23236
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 13:46
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-e-series_santricity_os_controllerE-Series SANtricity OS Controller Software 11.x
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-21547
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-35455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.37%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 14:58
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.

Action-Not Available
Vendor-taidiin/a
Product-diibearn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-23129
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information.

Action-Not Available
Vendor-iconicsn/aMitsubishi Electric Corporation
Product-genesis64mc_works64Mitsubishi Electric MC Works64; ICONICS GENESIS64
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-22484
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 4.27%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protectwindowslinux_kernelSpectrum Protect Operations Center
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-25677
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:02
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-cephn/aRed Hat, Inc.
Product-ceph_storageceph-ansibleceph-ansible
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found