Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-27548

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-06 Jul, 2022 | 20:25
Updated At-16 Sep, 2024 | 18:12
Rejected At-
Credits

HCL Launch is vulnerable to information disclosure which can be read by a local user.

HCL Launch stores user credentials in plain clear text which can be read by a local user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:06 Jul, 2022 | 20:25
Updated At:16 Sep, 2024 | 18:12
Rejected At:
▼CVE Numbering Authority (CNA)
HCL Launch is vulnerable to information disclosure which can be read by a local user.

HCL Launch stores user credentials in plain clear text which can be read by a local user.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
HCL Launch
Versions
Affected
  • 7.2.2.1, 7.1.2.6, 7.0.5.10
Problem Types
TypeCWE IDDescription
CWECWE-256CWE-256 Unprotected Storage of Credentials
Type: CWE
CWE ID: CWE-256
Description: CWE-256 Unprotected Storage of Credentials
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253
x_refsource_MISC
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253
x_refsource_MISC
x_transferred
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:06 Jul, 2022 | 21:15
Updated At:14 Jul, 2022 | 17:28

HCL Launch stores user credentials in plain clear text which can be read by a local user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
HCL Technologies Ltd.
hcltechsw
>>hcl_launch>>7.0.5.10
cpe:2.3:a:hcltechsw:hcl_launch:7.0.5.10:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltechsw
>>hcl_launch>>7.1.2.6
cpe:2.3:a:hcltechsw:hcl_launch:7.1.2.6:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltechsw
>>hcl_launch>>7.2.2.1
cpe:2.3:a:hcltechsw:hcl_launch:7.2.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE-256Secondarypsirt@hcl.com
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-256
Type: Secondary
Source: psirt@hcl.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

286Records found
CVE-2022-22554
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords.

Action-Not Available
Vendor-Dell Inc.
Product-emc_system_updateDellEMC System Update - DSU
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39046
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 15:40
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-6694
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ultra_services_platformCisco Ultra Services Platform
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-38938
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.38%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 15:38
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Host Access Transformation Services information disclosure

IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.

Action-Not Available
Vendor-IBM Corporation
Product-host_access_transformation_servicesHost Access Transformation Services
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-38863
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_bridgeSecurity Verify Bridge
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39045
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-38976
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.95%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-5704
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

Action-Not Available
Vendor-Intel Corporation
Product-core_i7core_i5core_i3Intel Core Processor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-3789
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.

Action-Not Available
Vendor-binatoneglobalMotorola Mobility LLC. (Lenovo Group Limited)
Product-cn50comfort_85_connect_firmwarecomfort_50_connectcn28mbp3855halo\+_camera_firmwarelux_65_firmwarecn40cn28_firmwarecomfort_85_connectmbp3855_firmwarecomfort_40focus_72r_firmwarembp3667comfort_50_connect_firmwarembp3667_firmwarecn50_firmwareconnect_view_65focus_68_firmwarelux_85_connect_firmwarembp4855_firmwarelux_64_firmwarecn40_firmwarecn75comfort_40_firmwarelux_64focus_72rconnect_20mbp4855lux_65mbp6855focus_68ease44halo\+_camerambp669_connect_firmwareconnect_view_65_firmwareease44_firmwarembp669_connectconnect_20_firmwarecn75_firmwarembp6855_firmwarelux_85_connectBinatone Hubble Cameras
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-26133
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 16:49
Updated-04 Feb, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventStoreDB Projections Subsystem has potential password leak

EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied.

Action-Not Available
Vendor-kurrentEventStore
Product-eventstoredbEventStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-28090
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 18:45
Updated-03 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An HPE OneView appliance dump may expose SNMPv3 read credentials

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneView
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:43
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6800r6800_firmwarer6700n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-34700
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 15:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-34560
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 10:32
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Action-Not Available
Vendor-pepperl-fuchsPhoenix Contact GmbH & Co. KG
Product-wha-gw-f2d2-0-as-z2-eth_firmwarewha-gw-f2d2-0-as-z2-eth.eipwha-gw-f2d2-0-as-z2-eth.eip_firmwarewha-gw-f2d2-0-as-z2-ethWHA-GW-F2D2-0-AS- Z2-ETHWHA-GW-F2D2-0-AS- Z2-ETH.EIP
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-2751
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-4.38% / 88.55%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 20:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Action-Not Available
Vendor-HP Inc.
Product-hp_250_g1_notebook_pchp_240_g1hp_envy_17_j100_firmwarehp_15-r000_firmwarehp_g14-a000hp_14-r000hp_pavilion_14-n000_firmwarehp_envy_15-j100hp_455_firmwarehp_envy_15-j000_firmwarecompaq_cq45-900hp_246_g3hp_split_13-g200hp_246hp_pavilion_10-f000_firmwarehp_15-r000compaq_14-s000_firmwarehp_255_g1_notebook_pchp_envy_17-j100_leap_motion_se_firmwarehp_pavilion_11-n000_firmwarehp_envy_m6-n000_firmwarehp_split_13-g200_firmwarehp_246_firmwarehp_pavilion_15-n300_firmwarehp_1000-1300_firmwarehp_pavilion_11-n000hp_spectre_13-h200hp_240_g3_firmwarehp_14-g000hp_envy_100hp_pavilion_15-n000hp_1000-1300hp_14-r000_firmwarehp_pavilion_15-n200_firmwarehp_envy_17-j100_leap_motion_sehp_pavilion_10-f000hp_255_g1_notebook_pc_firmwarehp_pavilion_15-n300hp_envy_14-k100compaq_cq45-900_firmwarecompaq_14-s000hp_455hp_255_g3_firmwarehp_envy_17_j100hp_245_g1hp_spectre_13-h200_firmwarehp_14-g000_firmwarecompaq_14-h000hp_envy_14-k100_firmwarehp_pavilion_14-n000hp_15-r500_firmwarehp_246_g3_firmwarehp_15-r500hp_g14-a000_firmwarehp_envy_15-j100_firmwarehp_envy_100_firmwarehp_pavilion_15-n000_firmwarehp_255_g3hp_240_g3hp_spectre_x2_13-smb_pro_firmwarehp_spectre_x2_13-smb_procompaq_14-h000_firmwarehp_245_g1_firmwarehp_envy_m6-n000hp_240_g1_firmwarehp_250_g1_notebook_pc_firmwarehp_pavilion_15-n200hp_envy_15-j000HP 240 G1 Notebook PC and certain other consumer notebooks
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-25024
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.23%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 02:42
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software information disclosure

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_suitecloud_pak_for_securityCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2017-18777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer7100lgr7900wndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer8500d8500wndr3400_firmwaredgn2200br6700r8300_firmwarer7000wnr3500l_firmwarer6900d6400wnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1779
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33107
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 35.31%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7-8850hcore_i5-10610u_firmwarecore_i3-10100core_i9-10910_firmwarecore_i9-8950hk_firmwareh470w480ecore_i5-1038ng7core_i5-10400t_firmwarecore_i9-7900xcore_i9-9900kscore_i5_10110y_firmwarecore_i7-10510ycore_i7-10710u_firmwarecore_i3_9100_firmwarez370core_i7_8560ub560core_i9-9800x_firmwarecore_i3_9300core_i9-7920xcore_i3-10100_firmwarew580core_i9-10900_firmwarecore_i9-9960xcore_i9-7960x_firmwarecore_i3_8300t_firmwarecore_i9-10900tecore_i9-8950hkcore_i5-1030g4_firmwarecore_i3-10100yh410core_i3_9300tcore_i5-10600tcore_i5-10600kf_firmwareh270c627core_i7-10875h_firmwarec627acore_i5_9500core_i9-10900e_firmwareb460c625core_i3_9100tc621acore_i5_8400t_firmwarecore_i9-9920xcore_i9-9900kf_firmwarecore_i7-8709gcore_i9-10910core_i5-10600t_firmwarecore_i5_8500_firmwarecore_i5-10300h_firmwarecore_i9_9900core_i9-10900tcore_i3-10100t_firmwareh420ecore_i7-10700f_firmwarecore_i5-10500t_firmwarecore_i7-10700tecore_i5-10600_firmwarecore_i9-10900kcore_i3_8350k_firmwarecore_i3-10105core_i5_9600tcore_i7_8565u_firmwarecore_i9-10900kf_firmwarecore_i7-8550ucore_i5-10400tcore_i7_8550ucore_i7-10810u_firmwarecore_i9-10920x_firmwarecore_i9-10940xcore_i9-9880h_firmwarecore_i7_1060ng7_firmwarec246core_i9-10900xc629acore_i3-8300q470ecore_i7-10700kfcore_i9_9900kfcore_i5-10110y_firmwarecore_i7_9700t_firmwarecore_i3_9350kq150c232core_i9-10900te_firmwarecore_i7_9700k_firmwarecore_i3_9300t_firmwarecore_i7-1065g7core_i5-10500hcore_i3_9100t_firmwarecore_i5_10210ycore_i5-10600kfcore_i3-1000g1core_i7-10700_firmwareq470core_i5-1035g1_firmwarecore_i5_8600kcore_i3-1005g1core_i7-1068ng7core_i5-1038ng7_firmwarec626core_i9-10850hz270core_i3-10305t_firmwarecore_i5_8500core_i3-10100ec236core_i9_firmwarecore_i9-10850k_firmwarecore_i3_9300_firmwarecore_i7-10700kf_firmwarecore_i5_9500_firmwarecore_i7-10700q570core_i3_8100tcore_i5_8600t_firmwarecore_i7_1060g7core_i7-10610u_firmwarecore_i5-10500e_firmwareq170core_i7_8700core_i7_9700f_firmwarecore_i9-9940x_firmwarec422core_i5_9500t_firmwarecore_i5_8500tcore_i3-8145ucore_i5-10400core_i3_9350k_firmwareactive_management_technology_software_development_kitcore_i7-8700kc621core_i5_l16g7_firmwarecore_i9core_i7-10870h_firmwarecore_i5_8600core_i3_8350kcore_i7_8700t_firmwarecore_i3-8109ucore_i5_9600core_i7-10810ucore_i3-10300tcore_i3-8100core_i5_9400t_firmwarecore_i5_8400tcore_i3-8145uecore_i5_8600_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i5-8350ucore_i5_9500fcore_i7_1068ng7core_i7_8650ucore_i3_8100core_i3-10100tecore_i7-10700tcore_i9-9900kfcore_i9_9900tcore_i3_firmwarecore_i5-10210u_firmwarecore_i5-10500ecore_i7-10750hcore_i9-10850kcore_i3-10100te_firmwarecore_i7_8550u_firmwarecore_i5_9600_firmwarecore_i7-1060ng7core_i5-10600k_firmwarecore_i5_9400fcore_i3-8100hcore_i9-10900ecore_i5-10610ucore_i7-8706gc624core_i5-8250ucore_i3-10110y_firmwarecore_i5_8400core_i9_9900_firmwarecore_i9-7980xe_firmwareq250core_i3_8300tcore_i5-10500tec242core_i9-10920xcore_i5-10210y_firmwarecore_i5_m480_firmwarecore_i7-8700bcore_i5-10500tcm246core_i7_1065g7_firmwarecore_i5-10310ucore_i9-10885hcore_i5-10600core_i5-10500_firmwarexeoncore_i7-8557ucore_i5-10310ycore_i7_8560u_firmwarecore_i5-10310y_firmwarecore_i5\+8400h510core_i7-10750h_firmwarecore_i3_9100core_i7_10510ycore_i9-9820x_firmwarecore_i7-10700kcore_i5-1030g7core_i9_9880hcore_i9-10980hkcm236core_i7_1060g7_firmwarecore_i5_9600kcore_i9-9880hcore_i3-1000g1_firmwarecore_i5core_i7-10700k_firmwarecore_i7_1068ng7_firmwarecore_i9-10900t_firmwarez170core_i5_l16g7core_i3-10305_firmwarecore_i7-8665uecore_i3-10325_firmwarecore_i3-8130ucore_i7-10510y_firmwarecore_i7_8700_firmwarecore_i3-8300tcore_i5-1035g4core_i5-1030ng7core_i9_9980hkcore_i7-1060ng7_firmwarecore_i7_8559u_firmwarecore_i7-1060g7_firmwarecore_i7-8650ucore_i7-8500ycore_i7-1068ng7_firmwarecore_i5-10200hcore_i9-9900kcore_i7-8705gcore_i9-7960xcore_i5-10400fcore_i7_9700kfcore_i7_9700tcore_i5_9600k_firmwarecore_i5-1035g7_firmwarecore_i7\+8700_firmwareh170core_i5_9600kf_firmwarecore_i7_9700_firmwarew480core_i5_9400tcore_i7-8706g_core_i9-9900core_i9-9820xcore_i5_9600t_firmwarecore_i5_9600kfcore_i3h570core_i3-10320_firmwarecore_i7_8700kcore_i5_10310ycore_i9_9900ks_firmwarecore_i5_10310y_firmwarecore_i5_9400core_i3-10320b250core_i3-10110ycore_i5-1035g7pentium_gold_g5400core_i3-10105fcore_i5-8305gcore_i5_8500t_firmwaresetup_and_configuration_softwarecore_i7-10875hcore_i7-8750hcore_i5-10400hcore_i3_8100fcore_i7_10510y_firmwarecore_i7-8665ucore_i3-10100e_firmwarecore_i3-10305tcore_i5-10505_firmwarecore_i7_8700k_firmwarecore_i9-7940x_firmwarecore_i9-9940xcore_i3-8140ucore_i9-9980xe_firmwareh110core_i7_9700fcore_i9-9900t_firmwarecore_i9-7940xcore_i9-9900xcore_i3-8350kcore_i5-10110ycore_i7-8086kcore_i5-10600kc628core_i9-7900x_firmwarecore_i7-10850hcore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i5-10500te_firmwarecore_i3-10300t_firmwarex299xeon_firmwarecore_i3-10105tcore_i9-9900k_firmwarecore_i5_9500tcore_i7-10510u_firmwarecore_i3-8100bcore_i3-1000g4core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i3-10100f_firmwarecore_i9-10900f_firmwarecore_i9-10900kfcore_i3-10100tcore_i9-9980hk_firmwarecore_i5-8600kcore_i7_1065g7core_i7-8700tcore_i3_9320core_i9-9980hkcore_i9_9980hk_firmwarec622z490core_i9_9900kcore_i5-1035g4_firmwarecore_i7-10700e_firmwarecm238core_i3_8100f_firmwarecore_i7-10610ucore_i5-1030g7_firmwarecore_i7_firmwarecore_i7-8559ucore_i9-10850h_firmwarecore_i9-9920x_firmwarecore_i9_9880h_firmwarecore_i5-10400f_firmwarecore_i5_10110ycore_i3_9350kf_firmwarecore_i7-1060g7core_i9-10980xe_firmwarecore_i3_8100_firmwarecore_i5_9400_firmwarecore_i7_8086kcore_i7_8565ucore_i7_8500y_firmwarecore_i7-8569ucore_i7-10700t_firmwarecore_i3-10325core_i9-7920x_firmwarecore_i9-9900tceleron_4205ucore_i9-9980xecore_i7-8700core_i3-1000ng4_firmwarecore_i5-8400core_i7_9700kf_firmwarecore_i3-10105f_firmwarecore_i7-8809gcore_i3_8300core_i3-10105_firmwarecore_i3-1000ng4core_i5\+8500core_i7\+8700core_i9_9900kf_firmwarecore_i3-10110u_firmwarecore_i7-10850h_firmwarecore_i9-10980xecore_i7_1060ng7core_i3-10305core_i5-1035g1b150q270core_i3-10110ucore_i5-10505core_i9-10885h_firmwarec629core_i3-10100y_firmwarecore_i7_8086k_firmwarecore_i9-10900x_firmwarecore_i3_9100fceleron_4305ucore_i3_9350kfcore_i7_8650u_firmwarecore_i5_firmwarecore_i7-10710ucore_i5-10210ycore_i9-10900core_i3-1000g4_firmwarecore_i7-1065g7_firmwarecore_i5-10300hmanagement_engine_bios_extensioncore_i5-1030ng7_firmwarecore_i7_8700tcore_i5_8600k_firmwarecore_i3_9320_firmwarecore_i9-9900ks_firmwarecore_i3-10300core_i9-10900fcore_i9-9960x_firmwarecore_i5_9500f_firmwarecore_i5\+8400_firmwarecore_i7-8565ucore_i5-10310u_firmwarecore_i9-10940x_firmwarez590core_i5-1030g4core_i3-8100tcore_i5-10200h_firmwarecore_i7core_i5_10210y_firmwarecore_i9_9900kscore_i9-10980hk_firmwarecore_i7-10870hcore_i3-10100fcore_i7-10510ucore_i5-10400_firmwarecore_i9_9900k_firmwarecore_i9-9900_firmwarecore_i7_9700kcore_i3_8100t_firmwarecore_i3-10300_firmwarecore_i5-10500h_firmwarecore_i7_9700core_i9_9900t_firmwarecore_i5_8400_firmwarecore_i9-7980xecore_i7_8559ucore_i3_8300_firmwarecore_i5_m480core_i7-10700fcore_i5-10210ucore_i9-10900k_firmwarecore_i5\+8500_firmwareceleron_4305uecore_i5_9400f_firmwarecore_i3_9100f_firmwarecore_i5_8600tcore_i5-10500core_i7_8500ycore_i9-9800xIntel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-15272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

Action-Not Available
Vendor-psftpn/a
Product-psftpdn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-22312
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:41
Updated-10 Jun, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-15918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.75%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

Action-Not Available
Vendor-ignitumn/a
Product-seran/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-29811
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.19% / 41.29%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-27941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 31.01%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 20:31
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.

Action-Not Available
Vendor-coolkitn/a
Product-ewelinkn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-23207
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-16 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

Action-Not Available
Vendor-fresenius-kabiFresenius Kabi
Product-link\+_agilia_firmwarevigilant_insightagilia_connectvigilant_mastermedlink\+_agiliavigilant_centeriumagilia_partner_maintenance_softwareVigilant Software Suite (Mastermed Dashboard)Agilia Partner
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-54471
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-20 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-41023
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:26
Updated-25 Oct, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortinet FortiSIEMWindowsAgent
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.06%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 12:23
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.

Action-Not Available
Vendor-emersonn/a
Product-openbsin/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29507
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:59
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-team_blueversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-49370
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:10
Updated-06 Nov, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing

Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcorepimcore
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2021-29253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.79%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 03:57
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-archern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-1731
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.07%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PFX Encryption Security Feature Bypass Vulnerability

PFX Encryption Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-7030
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 23:45
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPO Information Disclosure

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Office
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4602
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 9.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found