Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-29380

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Nov, 2020 | 00:46
Updated At-04 Aug, 2024 | 16:55
Rejected At-
Credits

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Nov, 2020 | 00:46
Updated At:04 Aug, 2024 | 16:55
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://seclists.org/fulldisclosure/2020/Jul/14
x_refsource_MISC
Hyperlink: https://seclists.org/fulldisclosure/2020/Jul/14
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://seclists.org/fulldisclosure/2020/Jul/14
x_refsource_MISC
x_transferred
Hyperlink: https://seclists.org/fulldisclosure/2020/Jul/14
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Nov, 2020 | 01:15
Updated At:21 Jul, 2021 | 11:39

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
vsolcn
vsolcn
>>v1600d_firmware>>2.03.57
cpe:2.3:o:vsolcn:v1600d_firmware:2.03.57:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d_firmware>>2.03.69
cpe:2.3:o:vsolcn:v1600d_firmware:2.03.69:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d>>-
cpe:2.3:h:vsolcn:v1600d:-:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d4l_firmware>>1.01.49
cpe:2.3:o:vsolcn:v1600d4l_firmware:1.01.49:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d4l>>-
cpe:2.3:h:vsolcn:v1600d4l:-:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d-mini_firmware>>1.01.48
cpe:2.3:o:vsolcn:v1600d-mini_firmware:1.01.48:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600d-mini>>-
cpe:2.3:h:vsolcn:v1600d-mini:-:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600g1_firmware>>1.9.7
cpe:2.3:o:vsolcn:v1600g1_firmware:1.9.7:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600g1_firmware>>2.0.7
cpe:2.3:o:vsolcn:v1600g1_firmware:2.0.7:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600g1>>-
cpe:2.3:h:vsolcn:v1600g1:-:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600g2_firmware>>1.1.4
cpe:2.3:o:vsolcn:v1600g2_firmware:1.1.4:*:*:*:*:*:*:*
vsolcn
vsolcn
>>v1600g2>>-
cpe:2.3:h:vsolcn:v1600g2:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarynvd@nist.gov
CWE-522Primarynvd@nist.gov
CWE ID: CWE-319
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://seclists.org/fulldisclosure/2020/Jul/14cve@mitre.org
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/fulldisclosure/2020/Jul/14
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

165Records found
CVE-2019-10391
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.47%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 15:30
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

Action-Not Available
Vendor-Jenkins
Product-ibm_application_security_on_cloudJenkins IBM Application Security on Cloud Plugin
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-10705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.45%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 14:47
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.

Action-Not Available
Vendor-n/aWestern Digital Corp.
Product-sandisk_x600_sd9tb8w-128gsandisk_x600_sd9sb8w-512gsandisk_x600_sd9sn8w-1t00sandisk_x600_sd9tb8w-1t00sandisk_x600_sd9sb8w-128g_firmwaresandisk_x600_sd9tn8w-2t00_firmwaresandisk_x600_sd9tb8w-128g_firmwaresandisk_x600_sd9sn8w-2t00_firmwaresandisk_x600_sd9tn8w-512gsandisk_x600_sd9sn8w-2t00sandisk_x600_sd9sb8w-2t00sandisk_x600_sd9tn8w-256gsandisk_x600_sd9sb8w-256gsandisk_x600_sd9tn8w-128gsandisk_x600_sd9sb8w-1t00sandisk_x600_sd9tb8w-256gsandisk_x600_sd9tb8w-2t00sandisk_x600_sd9sb8w-512g_firmwaresandisk_x600_sd9sn8w-512g_firmwaresandisk_x600_sd9sn8w-256gsandisk_x600_sd9sb8w-1t00_firmwaresandisk_x600_sd9sb8w-256g_firmwaresandisk_x600_sd9sn8w-256g_firmwaresandisk_x600_sd9tn8w-1t00sandisk_x600_sd9tb8w-512gsandisk_x600_sd9tb8w-256g_firmwaresandisk_x600_sd9tn8w-128g_firmwaresandisk_x600_sd9sb8w-2t00_firmwaresandisk_x600_sd9sn8w-1t00_firmwaresandisk_x600_sd9tn8w-256g_firmwaresandisk_x600_sd9sn8w-512gsandisk_x600_sd9tb8w-1t00_firmwaresandisk_x600_sd9tn8w-1t00_firmwaresandisk_x600_sd9tn8w-2t00sandisk_x600_sd9sn8w-128gsandisk_x600_sd9tn8w-512g_firmwaresandisk_x600_sd9sb8w-128gsandisk_x600_sd9tb8w-512g_firmwaresandisk_x600_sd9sn8w-128g_firmwaresandisk_x600_sd9tb8w-2t00_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-43187
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 20:37
Updated-05 Aug, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessverify_identity_accessSecurity Verify Access ApplianceSecurity Verify Access Container
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-7698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.63% / 69.48%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-mydlink\+n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-32946
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 25.26%
||
7 Day CHG+0.01%
Published-30 Oct, 2024 | 13:35
Updated-13 Nov, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks.

Action-Not Available
Vendor-level1LevelOne
Product-wbr-6012_firmwarewbr-6012WBR-6012
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-5471
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Action-Not Available
Vendor-beldenn/a
Product-hirschmann_octopus_16m-train-bphirschmann_octopus_os20-001000t5t5tafuhbhirschmann_octopus_24mhirschmann_mach104-16tx-poep_\+2x_-r-l3phirschmann_rsb20-0900s2tttaabehirschmann_mach4002-48g-l3ehirschmann_octopus_os20-0010001s1strephhhirschmann_rsb20-0900zzz6taabhirschmann_rsb20-0900zzz6saabhirschmann_mach4002-24g-l2phirschmann_octopus_8m-6poehirschmann_octopus_24m-trainhirschmann_rsb20-0900s2ttsaabehirschmann_octopus_os3x-xx24xxxhirschmann_rs20-0900nnm4tdauhirschmann_mach4002-24g-l3ehirschmann_octopus_24m-8_poehirschmann_octopus_8m-trainhirschmann_rs20-1600l2m2sdauhirschmann_rs20-1600s2m2sdauhirschmann_rsb20-0800t1t1saabehirschmann_mach4002-48g\+3x-l3phirschmann_rsb20-0900m2tttaabehirschmann_mach102-8tp-frhirschmann_ms20-0800saaphirschmann_rsb20-0900vvm2saabhirschmann_mach104-16tx-poephirschmann_mach104-16tx-poep_-e-l3phirschmann_m1-8tp-rj45hirschmann_mach102-8tphirschmann_rs20-1600l2l2sdauhirschmann_mach102-8tp-rhirschmann_mach104-20tx-frhirschmann_rsb20-0900m2ttsaabhirschmann_rsb20-0900vvm2taabhirschmann_mach104-20tx-f-4poehirschmann_ms30-0802saaehirschmann_octopus_os24-081000t5t5tneuhbhirschmann_octopus_os30hirschmann_octopus_os20-0010004m4mtrephhhirschmann_mach4002-48g-l3phirschmann_octopus_24m-train-bphirschmann_octopus_os32-080802o6o6tpephhhirschmann_rs20-1600m2t1sdauhirschmann_rs20-1600s2s2sdauhirschmann_octopus_16m-trainhirschmann_octopus_os30-0008021b1btrephhhirschmann_ms20-0800eccphirschmann_rsb20-0900m2ttsaabehirschmann_rsb20-0800t1t1saabhirschmann_rsb20-0900s2ttsaabhirschmann_rsb20-0900zzz6saabehirschmann_octopus_16mhirschmann_rsb20-0800m2m2saabhirschmann_octopus_os30-0008024b4btrephhhirschmann_rs20-1600m2m2sdauhirschmann_ms20-1600saaehirschmann_octopus_os20-000900t5t5tafbhhhirschmann_octopus_os24-080900t5t5tnebhhhirschmann_octopus_os32-081602o6o6tpephhhirschmann_rsb20-0900mmm2saabhirschmann_mach104-20tx-fhirschmann_rsb20-0900mmm2taabhirschmann_ms20-0800saaehirschmann_octopus_os34hirschmann_rsb20-0800t1t1taabhirschmann_octopus_os20-0010004s4strephhhirschmann_rs20-0900vvm2tdauhirschmann_octopus_os24-081000t5t5tffuhbhirschmann_mach102-24tp-fhirschmann_mach4002-48g-l2phirschmann_ms30-0802saaphirschmann_octopus_5tx_eechirschmann_rsb20-0800s2s2saabehirschmann_mach104-16tx-poep_-ehirschmann_ms20-1600saaphirschmann_rsb20-0900mmm2taabehirschmann_m1-8mm-schirschmann_mach104-16tx-poep_-r-l3phirschmann_rsb20-0800m2m2taabehirschmann_mach104-20tx-f-l3phirschmann_rsb20-0900mmm2saabehirschmann_mach104-16tx-poep_-rhirschmann_rs20-1600l2s2sdauhirschmann_mach102-24tp-frhirschmann_rs20-1600l2t1sdauhirschmann_octopus_8tx_poe-eechirschmann_mach104-20tx-fr-l3phirschmann_octopus_8m-8poehirschmann_octopus_os20-001000t5t5tneuhbhirschmann_mach102-8tp-fhirschmann_mach104-16tx-poep_\+2xhirschmann_octopus_os24-080900t5t5tffbhhhirschmann_rs20-0900mmm2tdauhirschmann_octopus_os30-0008024a4atrephhhirschmann_mach4002-48g\+3x-l2phirschmann_rsb20-0900m2tttaabhirschmann_mach4002-24g\+3x-l2phirschmann_ms30-1602saaehirschmann_mach4002-24g\+3x-l3phirschmann_rsr20hirschmann_octopus_os20-0010001m1mtrephhhirschmann_mach104-16tx-poep_\+2x_-ehirschmann_octopus_16m-8poehirschmann_rsb20-0800m2m2saabehirschmann_rsb20-0800s2s2saabhirschmann_octopus_os20-000900t5t5tnebhhhirschmann_rsr30hirschmann_mach4002-24g-l3phirschmann_octopus_os3x-xx16xxxhirschmann_rsb20-0800m2m2taabhirschmann_mach104-16tx-poep_\+2x-l3phirschmann_mach104-16tx-poep-l3phirschmann_rsb20-0900vvm2saabehirschmann_octopus_os32-081602t6t6tpephhhirschmann_rs20-1600s2t1sdauhirschmann_m1-8sm-schirschmann_rsb20-0900s2tttaabhirschmann_rsb20-0900vvm2taabehirschmann_rsb20-0900zzz6taabehirschmann_octopus_os32-080802t6t6tpephhhirschmann_mach4002-48g\+3x-l3ehirschmann_ms20-1600eccphirschmann_rsb20-0800t1t1taabehirschmann_octopus_8m-train-bphirschmann_mach104-16tx-poep_\+2x_-e-l3phirschmann_rsb20-0800s2s2taabehirschmann_octopus_os30-0008021a1atrephhhirschmann_mach4002-24g\+3x-l3ehirschmann_octopus_8mhirschmann_octopus_8tx-eechirschmann_rsb20-0800s2s2taabhirschmann_m1-8sfphirschmann_mach104-16tx-poep_\+2x_-rHirschmann Automation and Control GmbH Classic Platform Switches
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-3609
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.1||HIGH
EPSS-26.23% / 96.10%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-interscan_messaging_security_virtual_applianceTrend Micro InterScan Messaging Security Virtual Appliance
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-25650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 00:00
Updated-01 May, 2025 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.

Action-Not Available
Vendor-delinean/a
Product-secret_serverdistributed_enginen/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-4190
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.18%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowsicloudn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.72%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 13:15
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Action-Not Available
Vendor-espocrmn/a
Product-espocrmn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-38458
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 17:41
Updated-26 Feb, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbs750_firmwarerbs750Orbi Router RBR750
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29892
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 16:27
Updated-11 Dec, 2024 | 03:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20154
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.92%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-827dru_firmwaretew-827druTrendnet AC2600 TEW-827DRU
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-5893
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-3.7||LOW
EPSS-0.13% / 32.92%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 21:00
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientBIG-IP Edge Client
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-5426
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.6||HIGH
EPSS-0.18% / 39.81%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:05
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scheduler for TAS can transmit privileged UAA token in plaintext

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-pivotal_schedulerPivotal Scheduler
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found