Filtered by CWE-522
Total 1224 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-41676 1 Fortinet 1 Fortisiem 2024-11-21 4.2 Medium
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.
CVE-2023-41010 2 Sichuan Tianyi Kanghe Communication Co Ltd, Tianyisc 3 China Telecom Tianyi Home Gateway, Tewa-700g, Tewa-700g Firmware 2024-11-21 5.5 Medium
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.
CVE-2023-40347 1 Jenkins 1 Maven Artifact Choicelistprovider \(nexus\) 2024-11-21 6.5 Medium
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-40345 1 Jenkins 1 Delphix 2024-11-21 6.5 Medium
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
CVE-2023-40173 1 Fobybus 1 Social-media-skeleton 2024-11-21 7.5 High
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-3251 1 Tenable 1 Nessus 2024-11-21 4.1 Medium
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.
CVE-2023-38328 1 Egroupware 1 Egroupware 2024-11-21 4.9 Medium
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.
CVE-2023-37951 1 Jenkins 1 Mabl 2024-11-21 6.5 Medium
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-36082 1 Gatesair 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware 2024-11-21 9.8 Critical
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
CVE-2023-35067 1 Infodrom 1 E-invoice Approval System 2024-11-21 7.5 High
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701.
CVE-2023-34128 1 Sonicwall 2 Analytics, Global Management System 2024-11-21 9.8 Critical
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-32338 1 Ibm 2 Sterling External Authentication Server, Sterling Secure Proxy 2024-11-21 5.1 Medium
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
CVE-2023-32280 2024-11-21 5.3 Medium
Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.
CVE-2023-32268 1 Microfocus 1 Filr 2024-11-21 7.2 High
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
CVE-2023-31824 1 Dericia 1 Delicia 2024-11-21 7.5 High
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
CVE-2023-30776 1 Apache 1 Superset 2024-11-21 4.9 Medium
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
CVE-2023-27315 1 Netapp 1 Snapgathers 2024-11-21 6.5 Medium
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
CVE-2023-27132 1 Tsplus 1 Tsplus Remote Work 2024-11-21 9.8 Critical
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVE-2023-26221 1 Tibco 3 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Server 2024-11-21 5 Medium
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
CVE-2023-26204 1 Fortinet 1 Fortisiem 2024-11-21 3.6 Low
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.