Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5633

Summary
Assigner-rapid7
Assigner Org ID-9974b330-7714-4307-a722-5648477acda7
Published At-22 Aug, 2019 | 13:51
Updated At-16 Sep, 2024 | 16:42
Rejected At-
Credits

Hickory Smart Lock Insecure Storage on iOS

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:rapid7
Assigner Org ID:9974b330-7714-4307-a722-5648477acda7
Published At:22 Aug, 2019 | 13:51
Updated At:16 Sep, 2024 | 16:42
Rejected At:
▼CVE Numbering Authority (CNA)
Hickory Smart Lock Insecure Storage on iOS

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.

Affected Products
Vendor
Belwith Products, LLC
Product
Hickory Smart
Versions
Affected
  • From unspecified through 01.01.07 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-922CWE-922: Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-922
Description: CWE-922: Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.06.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
x_refsource_MISC
https://apps.apple.com/us/app/hickory-smart/id1189748191
x_refsource_MISC
Hyperlink: https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Resource:
x_refsource_MISC
Hyperlink: https://apps.apple.com/us/app/hickory-smart/id1189748191
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
x_refsource_MISC
x_transferred
https://apps.apple.com/us/app/hickory-smart/id1189748191
x_refsource_MISC
x_transferred
Hyperlink: https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://apps.apple.com/us/app/hickory-smart/id1189748191
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@rapid7.com
Published At:22 Aug, 2019 | 14:15
Updated At:16 Oct, 2020 | 14:52

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.06.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
belwith-keeler
belwith-keeler
>>hickory_smart>>Versions up to 01.01.07(inclusive)
cpe:2.3:a:belwith-keeler:hickory_smart:*:*:*:*:*:iphone_os:*:*
Weaknesses
CWE IDTypeSource
CWE-922Primarynvd@nist.gov
CWE-922Secondarycve@rapid7.com
CWE ID: CWE-922
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-922
Type: Secondary
Source: cve@rapid7.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://apps.apple.com/us/app/hickory-smart/id1189748191cve@rapid7.com
Product
https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/cve@rapid7.com
Third Party Advisory
Hyperlink: https://apps.apple.com/us/app/hickory-smart/id1189748191
Source: cve@rapid7.com
Resource:
Product
Hyperlink: https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/
Source: cve@rapid7.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

73Records found
CVE-2024-54504
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.94%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54477
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-13 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54549
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-04 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44175
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.89%
||
7 Day CHG+0.05%
Published-28 Oct, 2024 | 21:08
Updated-30 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-42677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-18 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component

Action-Not Available
Vendor-isellerpaln/a
Product-enterprise_resource_management_systemn/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-39612
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.14%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background Task Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-38382
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.14%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-34721
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.58%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-27232
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-21 Nov, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23290
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.49%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-13 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacosiOS and iPadOSmacOStvOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23205
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.51%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-13 Feb, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosiOS and iPadOSmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-21826
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huks has an insecure storage of sensitive information vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-20462
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:16
Updated-31 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_191_firmwareata_192ata_191Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-6916
Matching Score-4
Assigner-Zowe
ShareView Details
Matching Score-4
Assigner-Zowe
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.34%
||
7 Day CHG+0.02%
Published-19 Jul, 2024 | 10:47
Updated-23 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zowe CLI --show-inputs-only displays securely stored properties

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.

Action-Not Available
Vendor-zoweOpen Mainframe Project
Product-zowe_cliZowe CLI - Imperative
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54541
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosvisionosipadosmacOSiOS and iPadOStvOSvisionOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25404
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.07% / 20.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmartThings
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44298
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.22%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-07 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-44174
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-30 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-44292
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-07 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-20396
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:25
Updated-17 Sep, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.

Action-Not Available
Vendor-IBM Corporation
Product-security_qradar_analyst_workflowQRadar Analyst Workflow
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-5262
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.07% / 21.24%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 17:05
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitHub personal access token leaking into temporary EasyBuild (debug) logs

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.

Action-Not Available
Vendor-easybuild_projecteasybuilders
Product-easybuildeasybuild-framework
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4344
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:50
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_business_service_managerTivoli Business Service Manager
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-4805
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.

Action-Not Available
Vendor-IBM Corporation
Product-edge_application_managerEdge
CWE ID-CWE-922
Insecure Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • Next
Details not found