Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-32280

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-14 Feb, 2024 | 13:37
Updated At-14 Aug, 2024 | 17:50
Rejected At-
Credits

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:14 Feb, 2024 | 13:37
Updated At:14 Aug, 2024 | 17:50
Rejected At:
â–¼CVE Numbering Authority (CNA)

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Affected Products
Vendor
n/a
Product
Intel(R) Server Product OpenBMC firmware
Default Status
unaffected
Versions
Affected
  • before versions egs-1.05
Problem Types
TypeCWE IDDescription
N/AN/Ainformation disclosure
CWECWE-522Insufficiently protected credentials
Type: N/A
CWE ID: N/A
Description: information disclosure
Type: CWE
CWE ID: CWE-522
Description: Insufficiently protected credentials
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Intel Corporationintel
Product
eagle_stream
CPEs
  • cpe:2.3:h:intel:eagle_stream:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before egs-1.05 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:14 Feb, 2024 | 14:15
Updated At:14 Jan, 2026 | 18:26

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Intel Corporation
intel
>>openbmc>>Versions before egs-1.05(exclusive)
cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_bronze_3408u>>-
cpe:2.3:h:intel:xeon_bronze_3408u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5403n>>-
cpe:2.3:h:intel:xeon_gold_5403n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5411n>>-
cpe:2.3:h:intel:xeon_gold_5411n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5412u>>-
cpe:2.3:h:intel:xeon_gold_5412u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5415\+>>-
cpe:2.3:h:intel:xeon_gold_5415\+:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5416s>>-
cpe:2.3:h:intel:xeon_gold_5416s:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5418n>>-
cpe:2.3:h:intel:xeon_gold_5418n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5418y>>-
cpe:2.3:h:intel:xeon_gold_5418y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5420\+>>-
cpe:2.3:h:intel:xeon_gold_5420\+:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5423n>>-
cpe:2.3:h:intel:xeon_gold_5423n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_5433n>>-
cpe:2.3:h:intel:xeon_gold_5433n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6403n>>-
cpe:2.3:h:intel:xeon_gold_6403n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6414u>>-
cpe:2.3:h:intel:xeon_gold_6414u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6416h>>-
cpe:2.3:h:intel:xeon_gold_6416h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6418h>>-
cpe:2.3:h:intel:xeon_gold_6418h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6421n>>-
cpe:2.3:h:intel:xeon_gold_6421n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6423n>>-
cpe:2.3:h:intel:xeon_gold_6423n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6426y>>-
cpe:2.3:h:intel:xeon_gold_6426y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6428n>>-
cpe:2.3:h:intel:xeon_gold_6428n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6430>>-
cpe:2.3:h:intel:xeon_gold_6430:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6433n>>-
cpe:2.3:h:intel:xeon_gold_6433n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6433ne>>-
cpe:2.3:h:intel:xeon_gold_6433ne:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6434>>-
cpe:2.3:h:intel:xeon_gold_6434:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6434h>>-
cpe:2.3:h:intel:xeon_gold_6434h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6438m>>-
cpe:2.3:h:intel:xeon_gold_6438m:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6438n>>-
cpe:2.3:h:intel:xeon_gold_6438n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6438y\+>>-
cpe:2.3:h:intel:xeon_gold_6438y\+:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6442y>>-
cpe:2.3:h:intel:xeon_gold_6442y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6443n>>-
cpe:2.3:h:intel:xeon_gold_6443n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6444y>>-
cpe:2.3:h:intel:xeon_gold_6444y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6448h>>-
cpe:2.3:h:intel:xeon_gold_6448h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6448y>>-
cpe:2.3:h:intel:xeon_gold_6448y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6454s>>-
cpe:2.3:h:intel:xeon_gold_6454s:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_gold_6458q>>-
cpe:2.3:h:intel:xeon_gold_6458q:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8444h>>-
cpe:2.3:h:intel:xeon_platinum_8444h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8450h>>-
cpe:2.3:h:intel:xeon_platinum_8450h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8452y>>-
cpe:2.3:h:intel:xeon_platinum_8452y:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8454h>>-
cpe:2.3:h:intel:xeon_platinum_8454h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8458p>>-
cpe:2.3:h:intel:xeon_platinum_8458p:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8460h>>-
cpe:2.3:h:intel:xeon_platinum_8460h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8460y\+>>-
cpe:2.3:h:intel:xeon_platinum_8460y\+:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8461v>>-
cpe:2.3:h:intel:xeon_platinum_8461v:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8462y\+>>-
cpe:2.3:h:intel:xeon_platinum_8462y\+:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8468>>-
cpe:2.3:h:intel:xeon_platinum_8468:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8468h>>-
cpe:2.3:h:intel:xeon_platinum_8468h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8468v>>-
cpe:2.3:h:intel:xeon_platinum_8468v:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8470>>-
cpe:2.3:h:intel:xeon_platinum_8470:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8470n>>-
cpe:2.3:h:intel:xeon_platinum_8470n:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>xeon_platinum_8471n>>-
cpe:2.3:h:intel:xeon_platinum_8471n:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Secondarysecure@intel.com
CWE ID: CWE-522
Type: Secondary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.htmlsecure@intel.com
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
Source: secure@intel.com
Resource:
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2020-8674
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.25% / 79.34%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-service_manageractive_management_technology_firmwareIntel(R) AMT and Intel(R) ISM
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33146
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.30%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-09 Jan, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_i225-lm_firmwareethernet_controller_i225-v_firmwareethernet_controller_i225-itethernet_adapter_complete_driverethernet_controller_i225-lmethernet_controller_i225-it_firmwareethernet_controller_i225-vIntel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_adapterethernet_controller_i225_manageability_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-12494
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.73%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 13:28
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beckhoff: Etherleak in TwinCAT RT network driver

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

Action-Not Available
Vendor-Beckhoff Automation GmbH & Co. KGIntel Corporation
Product-twincat82545em82546eb82547ei_82541pi8255982541gi82544gctwincat_driver82540ep82540em8255882547gi82544ei82546gb82547ei8255782545gm82541er82541eiTwinCat Driver for Intel 8255x (Tcl8255x.sys)TwinCat Driver for Intel 8254x (Tcl8254x.sys)
CWE ID-CWE-459
Incomplete Cleanup
CVE-2020-0535
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.86% / 75.05%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11174
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 65.55%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:37
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CVE-2019-11172
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 65.55%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:36
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-11092
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0180
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0183
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0178
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.6||LOW
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0179
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0182
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0175
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0120
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.51%
||
7 Day CHG-0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-celeron_n4000celeron_n2830pentium_silver_n5000n5000celeron_n2840pentium_silver_n5000_firmwareceleron_n3350_firmwarej4205_firmwareceleron_n2940_firmwareceleron_n2930celeron_n2840_firmwareceleron_n3450n3540_firmwareceleron_j4105celeron_j3160j3710_firmwaren5000_firmwareceleron_n3350celeron_j3160_firmwareatom_330celeron_n3450_firmwareceleron_j4005_firmwareceleron_n4100celeron_j3060_firmwareatom_230_firmwarepentium_silver_j5005j5005_firmwareatom_x5-e3940celeron_n3000celeron_n2930_firmwaren3530celeron_j3355_firmwarej3710celeron_j4005j5005atom_x5-e3930celeron_j3060celeron_j3355celeron_n4100_firmwareatom_x5-e3940_firmwareatom_x7-e3950celeron_j4105_firmwareatom_230n3530_firmwareceleron_n2940celeron_n2830_firmwarepentium_silver_j5005_firmwareatom_x5-e3930_firmwareatom_330_firmwareatom_x7-e3950_firmwarej4205celeron_n3000_firmwareceleron_n4000_firmwaren3540celeron_j3455celeron_j3455_firmwareIntel(R) Unified Extensible Firmware Interface (UEFI)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-41614
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-on_event_seriesIntel(R) ON Event Series Android application
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-40685
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30601
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.68% / 82.19%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT and Intel(R) Standard Manageability
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30944
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT and Intel(R) Standard Manageability
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29507
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:59
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-team_blueversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30296
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 74.19%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:59
Updated-25 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-datacenter_group_eventversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-26844
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:58
Updated-25 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-single_event_apiversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-5704
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.08%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

Action-Not Available
Vendor-Intel Corporation
Product-core_i7core_i5core_i3Intel Core Processor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33107
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7-8850hcore_i5-10610u_firmwarecore_i3-10100core_i9-10910_firmwarecore_i9-8950hk_firmwareh470w480ecore_i5-1038ng7core_i5-10400t_firmwarecore_i9-7900xcore_i9-9900kscore_i5_10110y_firmwarecore_i7-10510ycore_i7-10710u_firmwarecore_i3_9100_firmwarez370core_i7_8560ub560core_i9-9800x_firmwarecore_i3_9300core_i9-7920xcore_i3-10100_firmwarew580core_i9-10900_firmwarecore_i9-9960xcore_i9-7960x_firmwarecore_i3_8300t_firmwarecore_i9-10900tecore_i9-8950hkcore_i5-1030g4_firmwarecore_i3-10100yh410core_i3_9300tcore_i5-10600tcore_i5-10600kf_firmwareh270c627core_i7-10875h_firmwarec627acore_i5_9500core_i9-10900e_firmwareb460c625core_i3_9100tc621acore_i5_8400t_firmwarecore_i9-9920xcore_i9-9900kf_firmwarecore_i7-8709gcore_i9-10910core_i5-10600t_firmwarecore_i5_8500_firmwarecore_i5-10300h_firmwarecore_i9_9900core_i9-10900tcore_i3-10100t_firmwareh420ecore_i7-10700f_firmwarecore_i5-10500t_firmwarecore_i7-10700tecore_i5-10600_firmwarecore_i9-10900kcore_i3_8350k_firmwarecore_i3-10105core_i5_9600tcore_i7_8565u_firmwarecore_i9-10900kf_firmwarecore_i7-8550ucore_i5-10400tcore_i7_8550ucore_i7-10810u_firmwarecore_i9-10920x_firmwarecore_i9-10940xcore_i9-9880h_firmwarecore_i7_1060ng7_firmwarec246core_i9-10900xc629acore_i3-8300q470ecore_i7-10700kfcore_i9_9900kfcore_i5-10110y_firmwarecore_i7_9700t_firmwarecore_i3_9350kq150c232core_i9-10900te_firmwarecore_i7_9700k_firmwarecore_i3_9300t_firmwarecore_i7-1065g7core_i5-10500hcore_i3_9100t_firmwarecore_i5_10210ycore_i5-10600kfcore_i3-1000g1core_i7-10700_firmwareq470core_i5-1035g1_firmwarecore_i5_8600kcore_i3-1005g1core_i7-1068ng7core_i5-1038ng7_firmwarec626core_i9-10850hz270core_i3-10305t_firmwarecore_i5_8500core_i3-10100ec236core_i9_firmwarecore_i9-10850k_firmwarecore_i3_9300_firmwarecore_i7-10700kf_firmwarecore_i5_9500_firmwarecore_i7-10700q570core_i3_8100tcore_i5_8600t_firmwarecore_i7_1060g7core_i7-10610u_firmwarecore_i5-10500e_firmwareq170core_i7_8700core_i7_9700f_firmwarecore_i9-9940x_firmwarec422core_i5_9500t_firmwarecore_i5_8500tcore_i3-8145ucore_i5-10400core_i3_9350k_firmwareactive_management_technology_software_development_kitcore_i7-8700kc621core_i5_l16g7_firmwarecore_i9core_i7-10870h_firmwarecore_i5_8600core_i3_8350kcore_i7_8700t_firmwarecore_i3-8109ucore_i5_9600core_i7-10810ucore_i3-10300tcore_i3-8100core_i5_9400t_firmwarecore_i5_8400tcore_i3-8145uecore_i5_8600_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i5-8350ucore_i5_9500fcore_i7_1068ng7core_i7_8650ucore_i3_8100core_i3-10100tecore_i7-10700tcore_i9-9900kfcore_i9_9900tcore_i3_firmwarecore_i5-10210u_firmwarecore_i5-10500ecore_i7-10750hcore_i9-10850kcore_i3-10100te_firmwarecore_i7_8550u_firmwarecore_i5_9600_firmwarecore_i7-1060ng7core_i5-10600k_firmwarecore_i5_9400fcore_i3-8100hcore_i9-10900ecore_i5-10610ucore_i7-8706gc624core_i5-8250ucore_i3-10110y_firmwarecore_i5_8400core_i9_9900_firmwarecore_i9-7980xe_firmwareq250core_i3_8300tcore_i5-10500tec242core_i9-10920xcore_i5-10210y_firmwarecore_i5_m480_firmwarecore_i7-8700bcore_i5-10500tcm246core_i7_1065g7_firmwarecore_i5-10310ucore_i9-10885hcore_i5-10600core_i5-10500_firmwarexeoncore_i7-8557ucore_i5-10310ycore_i7_8560u_firmwarecore_i5-10310y_firmwarecore_i5\+8400h510core_i7-10750h_firmwarecore_i3_9100core_i7_10510ycore_i9-9820x_firmwarecore_i7-10700kcore_i5-1030g7core_i9_9880hcore_i9-10980hkcm236core_i7_1060g7_firmwarecore_i5_9600kcore_i9-9880hcore_i3-1000g1_firmwarecore_i5core_i7-10700k_firmwarecore_i7_1068ng7_firmwarecore_i9-10900t_firmwarez170core_i5_l16g7core_i3-10305_firmwarecore_i7-8665uecore_i3-10325_firmwarecore_i3-8130ucore_i7-10510y_firmwarecore_i7_8700_firmwarecore_i3-8300tcore_i5-1035g4core_i5-1030ng7core_i9_9980hkcore_i7-1060ng7_firmwarecore_i7_8559u_firmwarecore_i7-1060g7_firmwarecore_i7-8650ucore_i7-8500ycore_i7-1068ng7_firmwarecore_i5-10200hcore_i9-9900kcore_i7-8705gcore_i9-7960xcore_i5-10400fcore_i7_9700kfcore_i7_9700tcore_i5_9600k_firmwarecore_i5-1035g7_firmwarecore_i7\+8700_firmwareh170core_i5_9600kf_firmwarecore_i7_9700_firmwarew480core_i5_9400tcore_i7-8706g_core_i9-9900core_i9-9820xcore_i5_9600t_firmwarecore_i5_9600kfcore_i3h570core_i3-10320_firmwarecore_i7_8700kcore_i5_10310ycore_i9_9900ks_firmwarecore_i5_10310y_firmwarecore_i5_9400core_i3-10320b250core_i3-10110ycore_i5-1035g7pentium_gold_g5400core_i3-10105fcore_i5-8305gcore_i5_8500t_firmwaresetup_and_configuration_softwarecore_i7-10875hcore_i7-8750hcore_i5-10400hcore_i3_8100fcore_i7_10510y_firmwarecore_i7-8665ucore_i3-10100e_firmwarecore_i3-10305tcore_i5-10505_firmwarecore_i7_8700k_firmwarecore_i9-7940x_firmwarecore_i9-9940xcore_i3-8140ucore_i9-9980xe_firmwareh110core_i7_9700fcore_i9-9900t_firmwarecore_i9-7940xcore_i9-9900xcore_i3-8350kcore_i5-10110ycore_i7-8086kcore_i5-10600kc628core_i9-7900x_firmwarecore_i7-10850hcore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i5-10500te_firmwarecore_i3-10300t_firmwarex299xeon_firmwarecore_i3-10105tcore_i9-9900k_firmwarecore_i5_9500tcore_i7-10510u_firmwarecore_i3-8100bcore_i3-1000g4core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i3-10100f_firmwarecore_i9-10900f_firmwarecore_i9-10900kfcore_i3-10100tcore_i9-9980hk_firmwarecore_i5-8600kcore_i7_1065g7core_i7-8700tcore_i3_9320core_i9-9980hkcore_i9_9980hk_firmwarec622z490core_i9_9900kcore_i5-1035g4_firmwarecore_i7-10700e_firmwarecm238core_i3_8100f_firmwarecore_i7-10610ucore_i5-1030g7_firmwarecore_i7_firmwarecore_i7-8559ucore_i9-10850h_firmwarecore_i9-9920x_firmwarecore_i9_9880h_firmwarecore_i5-10400f_firmwarecore_i5_10110ycore_i3_9350kf_firmwarecore_i7-1060g7core_i9-10980xe_firmwarecore_i3_8100_firmwarecore_i5_9400_firmwarecore_i7_8086kcore_i7_8565ucore_i7_8500y_firmwarecore_i7-8569ucore_i7-10700t_firmwarecore_i3-10325core_i9-7920x_firmwarecore_i9-9900tceleron_4205ucore_i9-9980xecore_i7-8700core_i3-1000ng4_firmwarecore_i5-8400core_i7_9700kf_firmwarecore_i3-10105f_firmwarecore_i7-8809gcore_i3_8300core_i3-10105_firmwarecore_i3-1000ng4core_i5\+8500core_i7\+8700core_i9_9900kf_firmwarecore_i3-10110u_firmwarecore_i7-10850h_firmwarecore_i9-10980xecore_i7_1060ng7core_i3-10305core_i5-1035g1b150q270core_i3-10110ucore_i5-10505core_i9-10885h_firmwarec629core_i3-10100y_firmwarecore_i7_8086k_firmwarecore_i9-10900x_firmwarecore_i3_9100fceleron_4305ucore_i3_9350kfcore_i7_8650u_firmwarecore_i5_firmwarecore_i7-10710ucore_i5-10210ycore_i9-10900core_i3-1000g4_firmwarecore_i7-1065g7_firmwarecore_i5-10300hmanagement_engine_bios_extensioncore_i5-1030ng7_firmwarecore_i7_8700tcore_i5_8600k_firmwarecore_i3_9320_firmwarecore_i9-9900ks_firmwarecore_i3-10300core_i9-10900fcore_i9-9960x_firmwarecore_i5_9500f_firmwarecore_i5\+8400_firmwarecore_i7-8565ucore_i5-10310u_firmwarecore_i9-10940x_firmwarez590core_i5-1030g4core_i3-8100tcore_i5-10200h_firmwarecore_i7core_i5_10210y_firmwarecore_i9_9900kscore_i9-10980hk_firmwarecore_i7-10870hcore_i3-10100fcore_i7-10510ucore_i5-10400_firmwarecore_i9_9900k_firmwarecore_i9-9900_firmwarecore_i7_9700kcore_i3_8100t_firmwarecore_i3-10300_firmwarecore_i5-10500h_firmwarecore_i7_9700core_i9_9900t_firmwarecore_i5_8400_firmwarecore_i9-7980xecore_i7_8559ucore_i3_8300_firmwarecore_i5_m480core_i7-10700fcore_i5-10210ucore_i9-10900k_firmwarecore_i5\+8500_firmwareceleron_4305uecore_i5_9400f_firmwarecore_i3_9100f_firmwarecore_i5_8600tcore_i5-10500core_i7_8500ycore_i9-9800xIntel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-5700
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

Action-Not Available
Vendor-Intel Corporation
Product-nuc7i3bnhnuc7i3bnk_firmwarenuc7i3bnh_firmwarenuc7i3bnknuc7i7bnh_firmwarenuc7i7bnhnuc7i5bnknuc7i5bnh_firmwarenuc7i5bnhnuc7i5bnk_firmwareNUC Kits
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12309
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 23.21%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 17:58
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ssd_dc_p4800xssd_dc_p4101_firmwaressd_dc_p4510ssd_pro_5450s_firmwaressd_e_5100soptane_ssd_905poptane_ssd_900pssd_pro_5400sssd_660p_firmwaressd_pro_5400s_firmwaressd_dc_p4610ssd_dc_p4510_firmwaressd_pro_6000p_firmwareoptane_ssd_900p_firmwaressd_760p_firmwaressd_dc_p4101ssd_dc_p4801x_firmwaressd_dc_p4800x_firmwaressd_660pssd_pro_7600pssd_760pssd_pro_6000pssd_pro_5450sssd_e_6100pssd_e_6100p_firmwaressd_dc_p4610_firmwareoptane_ssd_905p_firmwaressd_dc_p4801xssd_e_5100s_firmwaressd_pro_7600p_firmwareIntel(R) Client SSDs and some Intel(R) Data Center SSDs
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12333
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:17
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT for Linux
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12316
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:14
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-endpoint_management_assistantIntel(R) EMA
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-0540
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 83.65%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-26341
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.30% / 52.94%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:47
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-manageability_commanderactive_management_technology_software_development_kitendpoint_management_assistantIntel(R) AMT SDK, Intel(R) EMA and Intel(R) MC
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-44758
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:00
Updated-18 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_insights_for_vulnerability_remediationBigFix Insights for Vulnerability Remediation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-42172
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.14%
||
7 Day CHG~0.00%
Published-11 Jan, 2025 | 06:44
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL MyXalytics is affected by broken authentication

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsDRYiCE MyXalytics
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-3783
Matching Score-4
Assigner-curl
ShareView Details
Matching Score-4
Assigner-curl
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 10:09
Updated-12 Mar, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
token leak with redirect and netrc

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.

Action-Not Available
Vendor-CURL
Product-curlcurl
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-13187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.07%
||
7 Day CHG-0.03%
Published-14 Nov, 2025 | 22:02
Updated-04 Feb, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras ICIP acessodeusuario.xml credentials storage

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-intelbrasIntelbras
Product-icip_30_firmwareicip_30ICIP
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-10879
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.04% / 13.57%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 16:31
Updated-29 Sep, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficiently Protected Credentials in Dingtian DT-R002

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.

Action-Not Available
Vendor-dingtian-techDingtian
Product-dt-r002_firmwaredt-r002DT-R002
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.05%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:31
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.05%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-7813
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.30% / 53.75%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 03:00
Updated-19 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System Profile Image insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-27773
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:03
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SWITCH EV swtchenergy.com Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-swtchenergySWITCH EV
Product-swtchenergy.comswtchenergy.com
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-25774
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:15
Updated-08 Apr, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV Energy ev.energy Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-ev.energyEV Energy
Product-ev.energyev.energy
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-22890
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:50
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV2GO ev2go.io Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-ev2goEV2GO
Product-ev2go.ioev2go.io
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-22911
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.48%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 13:02
Updated-23 Jan, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.

Action-Not Available
Vendor-SICK AG
Product-tdc-x401gltdc-x401gl_firmwareTDC-X401GL
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-22878
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:25
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobility46 mobility46.se Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-mobility46Mobility46
Product-mobility46.semobility46.se
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-20733
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:38
Updated-31 Mar, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CloudCharge cloudcharge.se Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-cloudchargeCloudCharge
Product-cloudcharge.secloudcharge.se
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-30169
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.95% / 76.44%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 09:30
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-2

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Action-Not Available
Vendor-meritlilinMERIT LILIN ENT.CO.,LTD.
Product-p2g1022x_firmwarep2r8822e4_firmwarep3r6322e2_firmwarez2r6422ax-pz3r6422x3z2r6452ax-pp3r8822e2z2r8152x2-p_firmwarep2r6522e2_firmwarez2r8852ax_firmwarep2r6822e2p2g1022z2r8152x-pp3r6522e2_firmwarez2r6522xz2r8152x2-pp2r6852e4p2g1022_firmwarep2r8852e2z2r6422axz3r8922x3p2r6322ae2p2r6852e2_firmwarep2r6522e4p2r6352ae2_firmwarez2r8852axp2r8852e4_firmwarep2r6322ae2_firmwarez2r8822ax_firmwarez2r6522x_firmwarep2g1022xz3r6422x3_firmwarep2r6522e2z2r8122x2-pp2r6822e4p2r6552e4_firmwarez2r8022ex25z2r8052ex25z2r8822axp2r8822e2p2r6552e2z2r8122x-p_firmwarez2r6422ax-p_firmwarep2r6552e2_firmwarez2r6422ax_firmwarep2r6352ae4_firmwarez2r6552xp2r8852e2_firmwarez2r6552x_firmwarez2r8152x-p_firmwarez2r6452axp2r3052ae2_firmwarep2g1052_firmwarez2r8122x-pp2r6852e2p2r3022ae2_firmwarep2r3052ae2p2r6322ae4_firmwarep3r6322e2p2r6822e2_firmwarep2r8822e2_firmwarez2r6452ax_firmwarep2r6352ae2z2r8022ex25_firmwarep2r6322ae4p2r3022ae2p3r6522e2z3r6522xp2r8822e4p2r6852e4_firmwarep2r6552e4z3r6522x_firmwarep3r8822e2_firmwarep2g1052p2r8852e4z2r8122x2-p_firmwarep2r6822e4_firmwarep2r6522e4_firmwarez2r6452ax-p_firmwarez3r8922x3_firmwarep2r6352ae4z2r8052ex25_firmwareP2/Z2/P3/Z3 IP camera firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-7565
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 23.41%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 02:44
Updated-17 Jul, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-lb-linkLB-LINK
Product-bl-ac3600_firmwarebl-ac3600BL-AC3600
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-47109
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.00%
||
7 Day CHG-0.00%
Published-10 Mar, 2025 | 16:01
Updated-01 Sep, 2025 | 01:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling File Gateway information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-Sterling File Gateway
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-47162
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 17:20
Updated-24 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-54467
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 12:29
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NeuVector process with sensitive arguments lead to leakage

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.

Action-Not Available
Vendor-SUSE
Product-neuvector
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-53667
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.73%
||
7 Day CHG-0.01%
Published-09 Jul, 2025 | 15:39
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Action-Not Available
Vendor-Jenkins
Product-dead_man\'s_snitchJenkins Dead Man's Snitch Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-42897
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 00:19
Updated-12 Nov, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure vulnerability in SAP Business One (SLD)

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

Action-Not Available
Vendor-SAP SE
Product-SAP Business One (SLD)
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • Next
Details not found