Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-43625

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-01 Jun, 2026 | 18:46
Updated At-01 Jun, 2026 | 21:19
Rejected At-
Credits

CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:01 Jun, 2026 | 18:46
Updated At:01 Jun, 2026 | 21:19
Rejected At:
â–¼CVE Numbering Authority (CNA)
CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.

Affected Products
Vendor
steipete
Product
CodexBar
Repo
https://github.com/steipete/CodexBar
Default Status
affected
Versions
Affected
  • From 0 before 0.32.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-319Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Chia Min Jun Lennon
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/steipete/CodexBar/releases/tag/v0.32.0
release-notes
https://github.com/steipete/CodexBar/pull/1226
issue-tracking
https://github.com/steipete/CodexBar/commit/cdd7e347c1cf616615f18aa2ac52ba2ec9cab332
patch
https://www.vulncheck.com/advisories/codexbar-session-cookie-exposure-via-http-redirect
third-party-advisory
Hyperlink: https://github.com/steipete/CodexBar/releases/tag/v0.32.0
Resource:
release-notes
Hyperlink: https://github.com/steipete/CodexBar/pull/1226
Resource:
issue-tracking
Hyperlink: https://github.com/steipete/CodexBar/commit/cdd7e347c1cf616615f18aa2ac52ba2ec9cab332
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/codexbar-session-cookie-exposure-via-http-redirect
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:01 Jun, 2026 | 19:16
Updated At:01 Jun, 2026 | 19:16

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-319Primarydisclosure@vulncheck.com
CWE ID: CWE-319
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/steipete/CodexBar/commit/cdd7e347c1cf616615f18aa2ac52ba2ec9cab332disclosure@vulncheck.com
N/A
https://github.com/steipete/CodexBar/pull/1226disclosure@vulncheck.com
N/A
https://github.com/steipete/CodexBar/releases/tag/v0.32.0disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/codexbar-session-cookie-exposure-via-http-redirectdisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/steipete/CodexBar/commit/cdd7e347c1cf616615f18aa2ac52ba2ec9cab332
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/steipete/CodexBar/pull/1226
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/steipete/CodexBar/releases/tag/v0.32.0
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/codexbar-session-cookie-exposure-via-http-redirect
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

98Records found

CVE-2023-22870
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 21.28%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 00:46
Updated-26 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-22863
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 27.56%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 18:46
Updated-03 Apr, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationRed Hat, Inc.
Product-robotic_process_automationrobotic_process_automation_as_a_serviceopenshiftwindowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-64648
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 8.39%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:38
Updated-26 Mar, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-38846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 33.64%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 13:15
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Action-Not Available
Vendor-espocrmn/a
Product-espocrmn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-62330
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 3.19%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 06:16
Updated-07 Jan, 2026 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_devops_deployDevOps Deploy
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29753
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.78% / 51.33%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 17:15
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29892
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 16.32%
||
7 Day CHG+0.01%
Published-03 Dec, 2024 | 16:27
Updated-11 Dec, 2024 | 03:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-1802
Matching Score-4
Assigner-Docker Inc.
ShareView Details
Matching Score-4
Assigner-Docker Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.90%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 08:52
Updated-10 Feb, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Action-Not Available
Vendor-Docker, Inc.
Product-desktopDocker Desktop
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-27924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.90%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 19:01
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-0922
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.48% / 38.22%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

Action-Not Available
Vendor-n/aSamba
Product-sambaSamba
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-14942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 36.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-14954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 48.63%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:22
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-44612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.22%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 00:00
Updated-22 Jul, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.

Action-Not Available
Vendor-tinxyn/a
Product-wifi_lock_controller_v1_rfwifi_lock_controller_v1_rf_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36020
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 9.85%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 14:28
Updated-22 Oct, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Guardium Data Protection information disclosure

IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_protectionGuardium Data Protection
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36034
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 3.82%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 15:14
Updated-26 Aug, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere DataStage Flow Designer information disclosure

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36336
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 10.40%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:12
Updated-01 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Transmission of Sensitive Information found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36107
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 13.55%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 18:07
Updated-18 Aug, 2025 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics Mobile (iOS) information disclosure

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analytics_mobileCognos Analytics Mobile
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-26565
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-8.3||HIGH
EPSS-0.67% / 47.41%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 21:45
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

Action-Not Available
Vendor-Synology, Inc.
Product-uc3200vs960hd_firmwarevs960hdskynas_firmwarediskstation_manager_unified_controllerdiskstation_managerskynasSynology DiskStation Manager (DSM)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-27722
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 18.94%
||
7 Day CHG+0.02%
Published-09 Apr, 2025 | 09:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.

Action-Not Available
Vendor-Inaba Denki Sangyo Co., Ltd.
Product-AC-WPSM-11acAC-WPS-11ac-PAC-WPS-11acAC-WPSM-11ac-PAC-PD-WPS-11acAC-PD-WPS-11ac-P
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-27903
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 3.15%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:32
Updated-26 Feb, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-db2_recovery_expertDB2 Recovery Expert for LUW
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-45480
Matching Score-4
Assigner-Black Duck Software, Inc.
ShareView Details
Matching Score-4
Assigner-Black Duck Software, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 29.21%
||
7 Day CHG~0.00%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Action-Not Available
Vendor-beappsmobileTelepad
Product-pc_keyboard_wifi_\&_bluetoothPC Keyboard WiFi & Bluetooth
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-45483
Matching Score-4
Assigner-Black Duck Software, Inc.
ShareView Details
Matching Score-4
Assigner-Black Duck Software, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 29.21%
||
7 Day CHG~0.00%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Action-Not Available
Vendor-lazy_mouse_projectthisAAY
Product-lazy_mouseLazy Mouse
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-45478
Matching Score-4
Assigner-Black Duck Software, Inc.
ShareView Details
Matching Score-4
Assigner-Black Duck Software, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Action-Not Available
Vendor-telepad-appTelepad
Product-telepadTelepad
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-23846
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.68%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 13:38
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B426 Credential Disclosure

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-b426b426_firmwareB426 Firmware
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-22703
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.57% / 43.16%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 15:14
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-powerlogic_ion8300_firmwarepowerlogic_pm8000_firmwarepowerlogic_ion8300powerlogic_ion7400_firmwarepowerlogic_ion7650powerlogic_ion8650_firmwarepowerlogic_ion8600_firmwarepowerlogic_ion8800powerlogic_ion9000powerlogic_ion8400powerlogic_ion8500powerlogic_ion8600powerlogic_ion8800_firmwarepowerlogic_pm8000powerlogic_ion9000_firmwarepowerlogic_ion7400powerlogic_ion8400_firmwarepowerlogic_ion7650_firmwarepowerlogic_ion8650powerlogic_ion8500_firmwarePowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-22702
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.57% / 42.84%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 15:13
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-powerlogic_ion8300_firmwarepowerlogic_ion7700powerlogic_pm8000_firmwarepowerlogic_ion8300powerlogic_ion7400_firmwarepowerlogic_ion7650powerlogic_ion8650_firmwarepowerlogic_ion8600_firmwarepowerlogic_ion8500_firmwarepowerlogic_ion8800powerlogic_ion9000powerlogic_ion8400powerlogic_ion8500powerlogic_ion7300powerlogic_ion8600powerlogic_ion8800_firmwarepowerlogic_pm8000powerlogic_ion9000_firmwarepowerlogic_ion7400powerlogic_ion7650_firmwarepowerlogic_ion8650powerlogic_ion7300_firmwarepowerlogic_ion7700_firmwarepowerlogic_ion8400_firmwarePowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20564
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.85% / 53.71%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20409
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.90% / 55.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-39746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 19.29%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 10:29
Updated-31 Oct, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect_direct_web_serviceslinux_kernelaixwindowsSterling Connect:Direct Web Services
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-9526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.60% / 44.57%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 15:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices.

Action-Not Available
Vendor-cs2-networkn/a
Product-p2pn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4893
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.65% / 46.61%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4970
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.67% / 47.56%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 16:05
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Governance and Intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4969
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.67% / 47.30%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4152
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.57% / 42.99%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 16:50
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_securityQRadar Network Security
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4497
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 30.67%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 21:50
Updated-17 Apr, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect Plus information disclosure

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4397
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.65% / 46.46%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-35584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.75% / 50.51%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 14:53
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

Action-Not Available
Vendor-mersiven/a
Product-solstice_pod_firmwaresolstice_podn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-29380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.47% / 37.59%
||
7 Day CHG~0.00%
Published-29 Nov, 2020 | 00:46
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

Action-Not Available
Vendor-vsolcnn/a
Product-v1600d-miniv1600d_firmwarev1600g2v1600g1v1600d-mini_firmwarev1600g2_firmwarev1600g1_firmwarev1600dv1600d4lv1600d4l_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-27657
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.38%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 08:55
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-router_managerSynology Router Manager (SRM)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-27184
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 23.64%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 12:06
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_ia5150a_firmwarenport_ia5450a_firmwarenport_ia5250anport_ia5150anport_ia5250a_firmwarenport_ia5450aNPort IA5000A Series with Telnet enabled
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-25605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-6.04% / 92.48%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 20:40
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.

Action-Not Available
Vendor-agoran/a
Product-video_software_development_kitn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-14093
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.14% / 79.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 04:06
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

Action-Not Available
Vendor-muttn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttleapn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-1343
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.83% / 84.88%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_live_shareMicrosoft Visual Studio Code Live Share extension
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-4063
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.04% / 59.97%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 18:00
Updated-17 Sep, 2024 | 04:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-4594
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 52.55%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-17 Sep, 2024 | 02:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-4667
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 52.55%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 17:20
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-25278
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 22.07%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 23:09
Updated-18 Feb, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

Action-Not Available
Vendor-iwtiWT Ltd.
Product-facesentry_access_control_system_firmwarefacesentry_access_control_systemFaceSentry Access Control System
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-18285
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-1.02% / 59.35%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • Next
Details not found