Common Weakness Enumeration

CWE-256

Allowed

Plaintext Storage of a Password

Abstraction: Base · Status: Incomplete

The product stores a password in plaintext within resources such as memory or files.

397 vulnerabilities reference this CWE, most recent first.

CVE-2024-36464 (GCVE-0-2024-36464)

Vulnerability from cvelistv5 – Published: 2024-11-27 14:01 – Updated: 2025-11-03 21:55
VLAI
Title
Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported
Summary
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Zabbix Zabbix Affected: 6.0.0 , ≤ 6.0.29 (git)
Affected: 6.4.0 , ≤ 6.4.15 (git)
Affected: 7.0.0alpha1 , ≤ 7.0.0 (git)
Create a notification for this product.
Date Public
2024-10-30 13:37
Credits
Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:27:15.357237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:28:40.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:14.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API",
            "Frontend",
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.30rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.29",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.16rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.1rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.0",
              "status": "affected",
              "version": "7.0.0alpha1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T13:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
            }
          ],
          "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T14:01:58.136Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25630"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36464",
    "datePublished": "2024-11-27T14:01:58.136Z",
    "dateReserved": "2024-05-28T11:21:24.946Z",
    "dateUpdated": "2025-11-03T21:55:14.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36460 (GCVE-0-2024-36460)

Vulnerability from cvelistv5 – Published: 2024-08-09 09:28 – Updated: 2025-11-03 21:55
VLAI
Title
Front-end audit log shows passwords in plaintext
Summary
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Zabbix Zabbix Affected: 5,0,0 , ≤ 5.0.42 (git)
Affected: 6.0.0 , ≤ 6.0.30 (git)
Affected: 6.4.0 , ≤ 6.4.15 (git)
Affected: 7.0.0alpha1 , ≤ 7.0.0rc2 (git)
Create a notification for this product.
zabbix zabbix Affected: 5.0.0 , ≤ 5.0.42 (git)
Affected: 6.0.0 , ≤ 6.0.30 (git)
Affected: 6.4.0 , ≤ 6.4.15 (git)
Affected: 7.0.0alpha1 , ≤ 7.0.0rc2 (git)
    cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-13 06:57
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zabbix",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "5.0.42",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.0.30",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.15",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.0rc2",
                "status": "affected",
                "version": "7.0.0alpha1",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36460",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T15:04:09.786651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:42:11.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:11.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Frontend"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.0.43rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "5.0.42",
              "status": "affected",
              "version": "5,0,0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.0.31rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.30",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.16rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.2.0alpha1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.0rc2",
              "status": "affected",
              "version": "7.0.0alpha1",
              "versionType": "git"
            }
          ]
        }
      ],
      "datePublic": "2024-06-13T06:57:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text."
            }
          ],
          "value": "The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T13:44:15.784Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25017"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Front-end audit log shows passwords in plaintext",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36460",
    "datePublished": "2024-08-09T09:28:12.887Z",
    "dateReserved": "2024-05-28T11:21:24.946Z",
    "dateUpdated": "2025-11-03T21:55:11.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-31899 (GCVE-0-2024-31899)

Vulnerability from cvelistv5 – Published: 2024-09-26 13:34 – Updated: 2024-09-26 17:04
VLAI
Title
IBM Cognos Command Center information disclosure
Summary
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Cognos Command Center Affected: 10.2.4.1, 10.2.5
    cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T17:03:17.985272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T17:04:12.761Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Cognos Command Center",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.2.4.1, 10.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device."
            }
          ],
          "value": "IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T13:34:57.008Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7149734"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Cognos Command Center information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-31899",
    "datePublished": "2024-09-26T13:34:57.008Z",
    "dateReserved": "2024-04-07T12:44:57.197Z",
    "dateUpdated": "2024-09-26T17:04:12.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29978 (GCVE-0-2024-29978)

Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
VLAI
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext storage of a password
Assigner
Impacted products
Vendor Product Version
Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
Create a notification for this product.
Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T17:36:38.117189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T17:36:49.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:19:54.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple MFPs (multifunction printers)",
          "vendor": "Sharp Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "See the information provided by Sharp Corporation listed under [References]"
            }
          ]
        },
        {
          "product": "Multiple MFPs (multifunction printers)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "Plaintext storage of a password",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T07:37:27.029Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
        },
        {
          "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
        },
        {
          "url": "https://www.toshibatec.com/information/20240531_02.html"
        },
        {
          "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU93051062/"
        },
        {
          "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-29978",
    "datePublished": "2024-11-26T07:37:27.029Z",
    "dateReserved": "2024-05-22T09:00:12.924Z",
    "dateUpdated": "2025-11-04T17:19:54.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-28971 (GCVE-0-2024-28971)

Vulnerability from cvelistv5 – Published: 2024-05-08 15:37 – Updated: 2024-08-02 01:03
VLAI
Summary
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Dell Update Manager Plugin Affected: 1.4.0 , ≤ 1.5.0 (semver)
Create a notification for this product.
Date Public
2025-05-07 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T18:36:30.411487Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T18:36:37.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000224849/dsa-2024-209-security-update-for-dell-update-manager-plugin-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Update Manager Plugin",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "1.5.0",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-05-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
            }
          ],
          "value": "Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-08T15:37:31.837Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000224849/dsa-2024-209-security-update-for-dell-update-manager-plugin-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-28971",
    "datePublished": "2024-05-08T15:37:31.837Z",
    "dateReserved": "2024-03-13T15:44:22.627Z",
    "dateUpdated": "2024-08-02T01:03:51.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28961 (GCVE-0-2024-28961)

Vulnerability from cvelistv5 – Published: 2024-04-29 08:25 – Updated: 2024-08-02 01:03
VLAI
Summary
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Dell Dell OpenManage Enterprise Affected: 4.0.0
Affected: 4.0.1
Create a notification for this product.
dell openmanage_enterprise Affected: 4.0.0
    cpe:2.3:a:dell:openmanage_enterprise:-:*:*:*:*:*:*:*
Create a notification for this product.
dell openmanage_enterprise Affected: 4.0.1
    cpe:2.3:a:dell:openmanage_enterprise:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-29 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dell:openmanage_enterprise:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openmanage_enterprise",
            "vendor": "dell",
            "versions": [
              {
                "status": "affected",
                "version": "4.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:openmanage_enterprise:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openmanage_enterprise",
            "vendor": "dell",
            "versions": [
              {
                "status": "affected",
                "version": "4.0.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T16:20:16.043291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:39.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell OpenManage Enterprise",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            }
          ]
        }
      ],
      "datePublic": "2024-04-29T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity."
            }
          ],
          "value": "Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-29T08:25:28.165Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-28961",
    "datePublished": "2024-04-29T08:25:28.165Z",
    "dateReserved": "2024-03-13T15:42:12.959Z",
    "dateUpdated": "2024-08-02T01:03:51.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28782 (GCVE-0-2024-28782)

Vulnerability from cvelistv5 – Published: 2024-04-03 12:00 – Updated: 2025-08-27 15:49
VLAI
Title
IBM QRadar Suite Software information disclosure
Summary
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ibm
Impacted products
Vendor Product Version
IBM QRadar Suite Software Affected: 1.10.12.0 , ≤ 1.10.18.0 (semver)
Create a notification for this product.
IBM Cloud Pak for Security Affected: 1.10.0.0 , ≤ 1.10.11.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T20:12:03.761443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T15:49:06.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:56:58.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7145683"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QRadar Suite Software",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.18.0",
              "status": "affected",
              "version": "1.10.12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud Pak for Security",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.11.0",
              "status": "affected",
              "version": "1.10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user.  IBM X-Force ID:  285698."
            }
          ],
          "value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user.  IBM X-Force ID:  285698."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-03T12:00:55.863Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7145683"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285698"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM QRadar Suite Software information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-28782",
    "datePublished": "2024-04-03T12:00:55.863Z",
    "dateReserved": "2024-03-10T12:23:24.002Z",
    "dateUpdated": "2025-08-27T15:49:06.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27166 (GCVE-0-2024-27166)

Vulnerability from cvelistv5 – Published: 2024-06-14 03:48 – Updated: 2025-02-13 17:46
VLAI
Title
Insecure permissions
Summary
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Toshiba Tec Corporation Toshiba Tec e-Studio multi-function peripheral (MFP) Affected: see the reference URL
Create a notification for this product.
toshibatec e-studio-2521_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2020_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2520_nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2021_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3025_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3028-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6526-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-9029-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-330-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-400-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2010-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2110-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2510-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2610-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3115-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4515_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4615_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5015_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5115_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2518_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2618_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-14 02:00
Credits
We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2521_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2020_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2520_nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2021_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3025_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3028-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6526-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-9029-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-330-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-400-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2010-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2110-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2510-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2610-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3115-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4515_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4615_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5015_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5115_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2518_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2618_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:00:47.400333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T19:49:17.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:59.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240531_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the reference URL"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
        }
      ],
      "datePublic": "2024-06-14T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL."
            }
          ],
          "value": "Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We are not aware of any malicious exploitation by these vulnerabilities.\u003cbr\u003e"
            }
          ],
          "value": "We are not aware of any malicious exploitation by these vulnerabilities."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-04T05:07:16.317Z",
        "orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
        "shortName": "Toshiba"
      },
      "references": [
        {
          "url": "https://www.toshibatec.com/information/20240531_01.html"
        },
        {
          "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-14T02:00:00.000Z",
          "value": "Fixes will be released"
        }
      ],
      "title": "Insecure permissions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
    "assignerShortName": "Toshiba",
    "cveId": "CVE-2024-27166",
    "datePublished": "2024-06-14T03:48:46.097Z",
    "dateReserved": "2024-02-21T02:11:59.652Z",
    "dateUpdated": "2025-02-13T17:46:09.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26165 (GCVE-0-2024-26165)

Vulnerability from cvelistv5 – Published: 2024-03-12 16:58 – Updated: 2025-05-03 00:47
VLAI
Title
Visual Studio Code Elevation of Privilege Vulnerability
Summary
Visual Studio Code Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Microsoft Visual Studio Code Affected: 1.0.0 , < 1.87.2 (custom)
Create a notification for this product.
Date Public
2024-03-12 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Code Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26165",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T19:00:22.048925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:39:49.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio Code",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.87.2",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.87.2",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-03-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Code Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:47:11.878Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Code Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165"
        }
      ],
      "title": "Visual Studio Code Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-26165",
    "datePublished": "2024-03-12T16:58:15.034Z",
    "dateReserved": "2024-02-14T22:23:54.096Z",
    "dateUpdated": "2025-05-03T00:47:11.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26133 (GCVE-0-2024-26133)

Vulnerability from cvelistv5 – Published: 2024-02-21 16:49 – Updated: 2024-08-01 23:59
VLAI
Title
EventStoreDB Projections Subsystem has potential password leak
Summary
EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
EventStore EventStore Affected: >= 23.0.0, < 23.10.1
Affected: >= 22.0.0, < 22.10.5
Affected: >= 21.0.0, < 21.10.11
Affected: >= 20.0.0, < 20.10.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:39:57.383915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:53.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684"
          },
          {
            "name": "https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf"
          },
          {
            "name": "https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version"
          },
          {
            "name": "https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10"
          },
          {
            "name": "https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133"
          },
          {
            "name": "https://www.eventstore.com/blog/new-version-strategy",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.eventstore.com/blog/new-version-strategy"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EventStore",
          "vendor": "EventStore",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 23.0.0, \u003c 23.10.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 22.0.0, \u003c 22.10.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0, \u003c 21.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0, \u003c 20.10.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T16:49:32.426Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684"
        },
        {
          "name": "https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf"
        },
        {
          "name": "https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version"
        },
        {
          "name": "https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10"
        },
        {
          "name": "https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133"
        },
        {
          "name": "https://www.eventstore.com/blog/new-version-strategy",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.eventstore.com/blog/new-version-strategy"
        }
      ],
      "source": {
        "advisory": "GHSA-6r53-v8hj-x684",
        "discovery": "UNKNOWN"
      },
      "title": "EventStoreDB Projections Subsystem has potential password leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-26133",
    "datePublished": "2024-02-21T16:49:32.426Z",
    "dateReserved": "2024-02-14T17:40:03.687Z",
    "dateUpdated": "2024-08-01T23:59:32.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Avoid storing passwords in easily accessible locations.

Mitigation
Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

Mitigation

A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.

No CAPEC attack patterns related to this CWE.