Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-30183

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 May, 2021 | 10:36
Updated At-03 Aug, 2024 | 22:24
Rejected At-
Credits

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 May, 2021 | 10:36
Updated At:03 Aug, 2024 | 22:24
Rejected At:
▼CVE Numbering Authority (CNA)

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/OctopusDeploy/Issues
x_refsource_MISC
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
x_refsource_MISC
Hyperlink: https://github.com/OctopusDeploy/Issues
Resource:
x_refsource_MISC
Hyperlink: https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/OctopusDeploy/Issues
x_refsource_MISC
x_transferred
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/OctopusDeploy/Issues
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 May, 2021 | 11:15
Updated At:07 Nov, 2023 | 03:33

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Octopus Deploy Pty. Ltd.
octopus
>>server>>Versions before 2020.5.329(exclusive)
cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*
Octopus Deploy Pty. Ltd.
octopus
>>server>>Versions from 2020.6.0(inclusive) to 2020.6.4847(exclusive)
cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*
Octopus Deploy Pty. Ltd.
octopus
>>server>>Versions from 2021.1.0(inclusive) to 2021.1.6959(exclusive)
cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-312Primarynvd@nist.gov
CWE ID: CWE-312
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.htmlcve@mitre.org
N/A
https://github.com/OctopusDeploy/Issuescve@mitre.org
Third Party Advisory
Hyperlink: https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/OctopusDeploy/Issues
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

203Records found

CVE-2025-26495
Matching Score-4
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-4
Assigner-Salesforce, Inc.
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:56
Updated-04 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Data Exposure in Tableau Server

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

Action-Not Available
Vendor-Salesforce
Product-Tableau Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-41734
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 17:38
Updated-12 Mar, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management information disclosure

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suitemaximo_asset_managementMaximo Asset Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-42956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.83%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 00:00
Updated-05 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.

Action-Not Available
Vendor-passworkn/a
Product-passworkn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2015-8314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 00:00
Updated-27 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

Action-Not Available
Vendor-heartcombon/a
Product-devisen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27757
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 18:53
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-bigfix_insights"BigFix Insights"
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-25758
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 00:00
Updated-24 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-31791
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 21:07
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.

Action-Not Available
Vendor-sentrysoftwaren/a
Product-hardware_sentry_km_for_bmc_patroln/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-30997
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:51
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2017-13663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.

Action-Not Available
Vendor-ismartalarmn/a
Product-cubeone_firmwarecubeonen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-29550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 15:06
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.

Action-Not Available
Vendor-urven/a
Product-urven/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-22896
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.2||CRITICAL
EPSS-41.64% / 97.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 21:31
Updated-04 Mar, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Manager Cleartext Storage of Sensitive Information

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Action-Not Available
Vendor-myscadamySCADA
Product-mypromyPRO Manager
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-28937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.83% / 96.81%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 12:04
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.

Action-Not Available
Vendor-acexyn/a
Product-wireless-n_wifi_repeater_firmwarewireless-n_wifi_repeatern/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-29950
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.41%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:18
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-29954
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.09%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:17
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.

Action-Not Available
Vendor-Mozilla Corporation
Product-hubs_cloud_reticulumHubs Cloud
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-29481
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.35%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 18:20
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client side sessions should not allow unencrypted storage

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation.

Action-Not Available
Vendor-ratpack_projectratpack
Product-ratpackratpack
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.19%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 16:37
Updated-03 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen

Action-Not Available
Vendor-genymobilen/a
Product-genymotion_desktopn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:34
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:34
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-25644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 18:50
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:34
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.43%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-27175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:34
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-25898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 20:47
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.

Action-Not Available
Vendor-voidn/a
Product-aural_rec_monitorn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-8644
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.3||CRITICAL
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:48
Updated-04 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-315
Cleartext Storage of Sensitive Information in a Cookie
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-6921
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.7||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 13:24
Updated-17 Sep, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Username and Password in NAC Telecommunication's NACPremium

Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024.

Action-Not Available
Vendor-nacNAC Telecommunication Systems Inc.nac_telecommunication_systems
Product-nacpremiumNACPremiumnacpremium
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-55196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.26%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 00:00
Updated-02 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-52525
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-1.8||LOW
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:30
Updated-23 Jan, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Server User password is available in memory of the PHP process

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-45391
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.57%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 19:43
Updated-12 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tina search token leak via lock file in TinaCMS

Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.

Action-Not Available
Vendor-tinatinacms
Product-tinatinacms
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-10099
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.69%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 16:18
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

Action-Not Available
Vendor-The Apache Software Foundation
Product-sparkApache Spark
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-0285
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-7.54% / 91.44%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:26
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

Action-Not Available
Vendor-SAP SE
Product-crystal_reportsSAP Crystal Reports for Visual Studio
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2009-1603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.66%
||
7 Day CHG~0.00%
Published-11 May, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

Action-Not Available
Vendor-opensc-projectn/aFedora Project
Product-fedoraopenscn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-39732
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.03% / 7.92%
||
7 Day CHG+0.01%
Published-14 Jul, 2024 | 12:39
Updated-18 Sep, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.

Action-Not Available
Vendor-IBM Corporation
Product-datacapDatacap Navigator
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-40582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.90%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 00:00
Updated-17 Apr, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.

Action-Not Available
Vendor-pentamindsn/a
Product-curovmsn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-3742
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-7.80% / 91.61%
||
7 Day CHG+0.60%
Published-18 Apr, 2024 | 22:15
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.

Action-Not Available
Vendor-Electrolinkelectrolink
Product-VHF TV TransmitterDigital FM TransmitterUHF TV TransmitterCompact FM TransmitterCompact DAB TransmitterHigh Power DAB TransmitterMedium DAB TransmitterModular FM Transmitterhigh power dab transmitterdigital fm transmittermedium dab transmittermodular fm transmittervhf tv transmittercompact fm transmittercompact dab transmitter
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-8947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.86% / 94.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Action-Not Available
Vendor-laravel_log_viewer_projectn/a
Product-laravel_log_viewern/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-33892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.62%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-03 Sep, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3

Action-Not Available
Vendor-hms-networksn/ahms-networks
Product-ewon_cosy\+_4g_euewon_cosy\+_firmwareewon_cosy\+_ethernetewon_cosy\+_4g_apacewon_cosy\+_4g_jpewon_cosy\+_4g_naewon_cosy\+_wifin/aewon_cosy_firmware
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-10682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.37%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

django-nopassword before 5.0.0 stores cleartext secrets in the database.

Action-Not Available
Vendor-django-nopassword_projectn/a
Product-django-nopasswordn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2015-1012
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:20
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.

Action-Not Available
Vendor-pfizerHospira
Product-lifecare_pca_infusion_system_firmwarelifecare_pca_infusion_systemLifeCare PCA Infusion System
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-28387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.40%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 00:00
Updated-02 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.

Action-Not Available
Vendor-n/aaxonaut
Product-n/aaxonaut
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-24375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 00:00
Updated-30 Apr, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.

Action-Not Available
Vendor-jfinalcms_projectn/ajfinalcms_project
Product-jfinalcmsn/ajfinalcms
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-22084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.72%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 00:00
Updated-16 Apr, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.

Action-Not Available
Vendor-elspec-ltdn/aelspec
Product-g5dfrg5dfr_firmwaren/ag5_digital_fault_recorder
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-37857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 15:17
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.

Action-Not Available
Vendor-hauk_projectn/a
Product-haukn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-6400
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-04 Oct, 2024 | 11:12
Updated-12 Nov, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Storage of Username and Password in Finrota's Netahsilat

Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.

Action-Not Available
Vendor-finrotaFinrota
Product-finrotaNetahsilat
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-202
Exposure of Sensitive Information Through Data Queries
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2022-37785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-01 Jan, 2023 | 00:00
Updated-11 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.

Action-Not Available
Vendor-wecube-platform_projectn/a
Product-wecube-platformn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-38112
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.60%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure Vulnerability

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-database_performance_analyzerDatabase Performance Analyzer (DPA)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-34924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 19:06
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.

Action-Not Available
Vendor-landrayn/a
Product-landray_office_automationn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-51175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 00:00
Updated-18 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-29826
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-24 Nov, 2022 | 23:22
Updated-25 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_works3Motion Control Setting(GX Works3 related software)GX Works3
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-19137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 20:18
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

Action-Not Available
Vendor-autumn_projectn/a
Product-autumnn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-7783
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.27%
||
7 Day CHG+0.01%
Published-29 Oct, 2024 | 12:49
Updated-31 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.

Action-Not Available
Vendor-mintplexlabsmintplex-labsminiplex_labs
Product-anythingllmmintplex-labs/anything-llmminiplex_labs\/anything_lim
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found