Common Weakness Enumeration

CWE-523

Allowed

Unprotected Transport of Credentials

Abstraction: Base · Status: Incomplete

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

40 vulnerabilities reference this CWE, most recent first.

CVE-2024-20395 (GCVE-0-2024-20395)

Vulnerability from cvelistv5 – Published: 2024-07-17 16:32 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Webex Teams Affected: 3.0.13464.0
Affected: 3.0.13538.0
Affected: 3.0.13588.0
Affected: 3.0.14154.0
Affected: 3.0.14234.0
Affected: 3.0.14375.0
Affected: 3.0.14741.0
Affected: 3.0.14866.0
Affected: 3.0.15015.0
Affected: 3.0.15036.0
Affected: 3.0.15092.0
Affected: 3.0.15131.0
Affected: 3.0.15164.0
Affected: 3.0.15221.0
Affected: 3.0.15333.0
Affected: 3.0.15410.0
Affected: 3.0.15485.0
Affected: 3.0.15645.0
Affected: 3.0.15711.0
Affected: 3.0.16040.0
Affected: 3.0.16269.0
Affected: 3.0.16273.0
Affected: 3.0.16285.0
Affected: 4.0
Affected: 4.1
Affected: 4.10
Affected: 4.12
Affected: 4.13
Affected: 4.14
Affected: 4.15
Affected: 4.16
Affected: 4.17
Affected: 4.18
Affected: 4.19
Affected: 4.2
Affected: 4.20
Affected: 4.3
Affected: 4.4
Affected: 4.5
Affected: 4.6
Affected: 4.8
Affected: 4.9
Affected: 4.1.57
Affected: 4.1.92
Affected: 4.10.343
Affected: 4.11.211
Affected: 4.12.236
Affected: 4.13.200
Affected: 4.2.42
Affected: 4.2.75
Affected: 4.5.224
Affected: 4.6.197
Affected: 4.7.78
Affected: 4.8.170
Affected: 4.9.205
Affected: 4.9.252
Affected: 4.9.269
Affected: 42.1.0.169
Affected: 42.1.0.21190
Affected: 42.1.0.2219
Affected: 42.10
Affected: 42.10.0.23814
Affected: 42.10.0.24000
Affected: 42.11
Affected: 42.11.0.24187
Affected: 42.12
Affected: 42.12.0.24485
Affected: 42.2
Affected: 42.2.0.21338
Affected: 42.2.0.21486
Affected: 42.3
Affected: 42.3.0.21576
Affected: 42.4.1.22032
Affected: 42.5.0.22259
Affected: 42.6
Affected: 42.6.0.22565
Affected: 42.6.0.22645
Affected: 42.7
Affected: 42.7.0.22904
Affected: 42.7.0.23054
Affected: 42.8
Affected: 42.8.0.23214
Affected: 42.8.0.23281
Affected: 42.9
Affected: 42.9.0.23494
Affected: 43.1
Affected: 43.1.0.24716
Affected: 43.2
Affected: 43.2.0.25157
Affected: 43.2.0.25211
Affected: 43.3
Affected: 43.3.0.25468
Affected: 43.4
Affected: 43.4.0.25788
Create a notification for this product.
cisco webex_teams Affected: 3.0.13464.0
Affected: 3.0.13538.0
Affected: 3.0.13588.0
Affected: 3.0.14154.0
Affected: 3.0.14234.0
Affected: 3.0.14375.0
Affected: 3.0.14741.0
Affected: 3.0.14866.0
Affected: 3.0.15015.0
Affected: 3.0.15036.0
Affected: 3.0.15092.0
Affected: 3.0.15131.0
Affected: 3.0.15164.0
Affected: 3.0.15221.0
Affected: 3.0.15333.0
Affected: 3.0.15410.0
Affected: 3.0.15485.0
Affected: 3.0.15645.0
Affected: 3.0.15711.0
Affected: 3.0.16040.0
Affected: 3.0.16269.0
Affected: 3.0.16273.0
Affected: 3.0.16285.0
Affected: 4.0
Affected: 4.1
Affected: 4.10
Affected: 4.12
Affected: 4.13
Affected: 4.14
Affected: 4.15
Affected: 4.16
Affected: 4.17
Affected: 4.18
Affected: 4.19
Affected: 4.2
Affected: 4.20
Affected: 4.3
Affected: 4.4
Affected: 4.5
Affected: 4.6
Affected: 4.8
Affected: 4.9
Affected: 4.1.57
Affected: 4.1.92
Affected: 4.10.343
Affected: 4.11.211
Affected: 4.12.236
Affected: 4.13.200
Affected: 4.2.42
Affected: 4.2.75
Affected: 4.5.224
Affected: 4.6.197
Affected: 4.7.78
Affected: 4.8.170
Affected: 4.9.205
Affected: 4.9.252
Affected: 4.9.269
Affected: 42.1.0.169
Affected: 42.1.0.21190
Affected: 42.1.0.2219
Affected: 42.10
Affected: 42.10.0.23814
Affected: 42.10.0.24000
Affected: 42.11
Affected: 42.11.0.24187
Affected: 42.12
Affected: 42.12.0.24485
Affected: 42.2
Affected: 42.2.0.21338
Affected: 42.2.0.21486
Affected: 42.3
Affected: 42.3.0.21576
Affected: 42.4.1.22032
Affected: 42.5.0.22259
Affected: 42.6
Affected: 42.6.0.22565
Affected: 42.6.0.22645
Affected: 42.7
Affected: 42.7.0.22904
Affected: 42.7.0.23054
Affected: 42.8
Affected: 42.8.0.23214
Affected: 42.8.0.23281
Affected: 42.9
Affected: 42.9.0.23494
Affected: 43.1
Affected: 43.1.0.24716
Affected: 43.2
Affected: 43.2.0.25157
Affected: 43.2.0.25211
Affected: 43.3
Affected: 43.3.0.25468
Affected: 43.4
Affected: 43.4.0.25788
    cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "webex_teams",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "3.0.13464.0"
              },
              {
                "status": "affected",
                "version": "3.0.13538.0"
              },
              {
                "status": "affected",
                "version": "3.0.13588.0"
              },
              {
                "status": "affected",
                "version": "3.0.14154.0"
              },
              {
                "status": "affected",
                "version": "3.0.14234.0"
              },
              {
                "status": "affected",
                "version": "3.0.14375.0"
              },
              {
                "status": "affected",
                "version": "3.0.14741.0"
              },
              {
                "status": "affected",
                "version": "3.0.14866.0"
              },
              {
                "status": "affected",
                "version": "3.0.15015.0"
              },
              {
                "status": "affected",
                "version": "3.0.15036.0"
              },
              {
                "status": "affected",
                "version": "3.0.15092.0"
              },
              {
                "status": "affected",
                "version": "3.0.15131.0"
              },
              {
                "status": "affected",
                "version": "3.0.15164.0"
              },
              {
                "status": "affected",
                "version": "3.0.15221.0"
              },
              {
                "status": "affected",
                "version": "3.0.15333.0"
              },
              {
                "status": "affected",
                "version": "3.0.15410.0"
              },
              {
                "status": "affected",
                "version": "3.0.15485.0"
              },
              {
                "status": "affected",
                "version": "3.0.15645.0"
              },
              {
                "status": "affected",
                "version": "3.0.15711.0"
              },
              {
                "status": "affected",
                "version": "3.0.16040.0"
              },
              {
                "status": "affected",
                "version": "3.0.16269.0"
              },
              {
                "status": "affected",
                "version": "3.0.16273.0"
              },
              {
                "status": "affected",
                "version": "3.0.16285.0"
              },
              {
                "status": "affected",
                "version": "4.0"
              },
              {
                "status": "affected",
                "version": "4.1"
              },
              {
                "status": "affected",
                "version": "4.10"
              },
              {
                "status": "affected",
                "version": "4.12"
              },
              {
                "status": "affected",
                "version": "4.13"
              },
              {
                "status": "affected",
                "version": "4.14"
              },
              {
                "status": "affected",
                "version": "4.15"
              },
              {
                "status": "affected",
                "version": "4.16"
              },
              {
                "status": "affected",
                "version": "4.17"
              },
              {
                "status": "affected",
                "version": "4.18"
              },
              {
                "status": "affected",
                "version": "4.19"
              },
              {
                "status": "affected",
                "version": "4.2"
              },
              {
                "status": "affected",
                "version": "4.20"
              },
              {
                "status": "affected",
                "version": "4.3"
              },
              {
                "status": "affected",
                "version": "4.4"
              },
              {
                "status": "affected",
                "version": "4.5"
              },
              {
                "status": "affected",
                "version": "4.6"
              },
              {
                "status": "affected",
                "version": "4.8"
              },
              {
                "status": "affected",
                "version": "4.9"
              },
              {
                "status": "affected",
                "version": "4.1.57"
              },
              {
                "status": "affected",
                "version": "4.1.92"
              },
              {
                "status": "affected",
                "version": "4.10.343"
              },
              {
                "status": "affected",
                "version": "4.11.211"
              },
              {
                "status": "affected",
                "version": "4.12.236"
              },
              {
                "status": "affected",
                "version": "4.13.200"
              },
              {
                "status": "affected",
                "version": "4.2.42"
              },
              {
                "status": "affected",
                "version": "4.2.75"
              },
              {
                "status": "affected",
                "version": "4.5.224"
              },
              {
                "status": "affected",
                "version": "4.6.197"
              },
              {
                "status": "affected",
                "version": "4.7.78"
              },
              {
                "status": "affected",
                "version": "4.8.170"
              },
              {
                "status": "affected",
                "version": "4.9.205"
              },
              {
                "status": "affected",
                "version": "4.9.252"
              },
              {
                "status": "affected",
                "version": "4.9.269"
              },
              {
                "status": "affected",
                "version": "42.1.0.169"
              },
              {
                "status": "affected",
                "version": "42.1.0.21190"
              },
              {
                "status": "affected",
                "version": "42.1.0.2219"
              },
              {
                "status": "affected",
                "version": "42.10"
              },
              {
                "status": "affected",
                "version": "42.10.0.23814"
              },
              {
                "status": "affected",
                "version": "42.10.0.24000"
              },
              {
                "status": "affected",
                "version": "42.11"
              },
              {
                "status": "affected",
                "version": "42.11.0.24187"
              },
              {
                "status": "affected",
                "version": "42.12"
              },
              {
                "status": "affected",
                "version": "42.12.0.24485"
              },
              {
                "status": "affected",
                "version": "42.2"
              },
              {
                "status": "affected",
                "version": "42.2.0.21338"
              },
              {
                "status": "affected",
                "version": "42.2.0.21486"
              },
              {
                "status": "affected",
                "version": "42.3"
              },
              {
                "status": "affected",
                "version": "42.3.0.21576"
              },
              {
                "status": "affected",
                "version": "42.4.1.22032"
              },
              {
                "status": "affected",
                "version": "42.5.0.22259"
              },
              {
                "status": "affected",
                "version": "42.6"
              },
              {
                "status": "affected",
                "version": "42.6.0.22565"
              },
              {
                "status": "affected",
                "version": "42.6.0.22645"
              },
              {
                "status": "affected",
                "version": "42.7"
              },
              {
                "status": "affected",
                "version": "42.7.0.22904"
              },
              {
                "status": "affected",
                "version": "42.7.0.23054"
              },
              {
                "status": "affected",
                "version": "42.8"
              },
              {
                "status": "affected",
                "version": "42.8.0.23214"
              },
              {
                "status": "affected",
                "version": "42.8.0.23281"
              },
              {
                "status": "affected",
                "version": "42.9"
              },
              {
                "status": "affected",
                "version": "42.9.0.23494"
              },
              {
                "status": "affected",
                "version": "43.1"
              },
              {
                "status": "affected",
                "version": "43.1.0.24716"
              },
              {
                "status": "affected",
                "version": "43.2"
              },
              {
                "status": "affected",
                "version": "43.2.0.25157"
              },
              {
                "status": "affected",
                "version": "43.2.0.25211"
              },
              {
                "status": "affected",
                "version": "43.3"
              },
              {
                "status": "affected",
                "version": "43.3.0.25468"
              },
              {
                "status": "affected",
                "version": "43.4"
              },
              {
                "status": "affected",
                "version": "43.4.0.25788"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T03:55:23.962265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T13:23:45.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-webex-app-ZjNm8X8j",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.13464.0"
            },
            {
              "status": "affected",
              "version": "3.0.13538.0"
            },
            {
              "status": "affected",
              "version": "3.0.13588.0"
            },
            {
              "status": "affected",
              "version": "3.0.14154.0"
            },
            {
              "status": "affected",
              "version": "3.0.14234.0"
            },
            {
              "status": "affected",
              "version": "3.0.14375.0"
            },
            {
              "status": "affected",
              "version": "3.0.14741.0"
            },
            {
              "status": "affected",
              "version": "3.0.14866.0"
            },
            {
              "status": "affected",
              "version": "3.0.15015.0"
            },
            {
              "status": "affected",
              "version": "3.0.15036.0"
            },
            {
              "status": "affected",
              "version": "3.0.15092.0"
            },
            {
              "status": "affected",
              "version": "3.0.15131.0"
            },
            {
              "status": "affected",
              "version": "3.0.15164.0"
            },
            {
              "status": "affected",
              "version": "3.0.15221.0"
            },
            {
              "status": "affected",
              "version": "3.0.15333.0"
            },
            {
              "status": "affected",
              "version": "3.0.15410.0"
            },
            {
              "status": "affected",
              "version": "3.0.15485.0"
            },
            {
              "status": "affected",
              "version": "3.0.15645.0"
            },
            {
              "status": "affected",
              "version": "3.0.15711.0"
            },
            {
              "status": "affected",
              "version": "3.0.16040.0"
            },
            {
              "status": "affected",
              "version": "3.0.16269.0"
            },
            {
              "status": "affected",
              "version": "3.0.16273.0"
            },
            {
              "status": "affected",
              "version": "3.0.16285.0"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "status": "affected",
              "version": "4.1.57"
            },
            {
              "status": "affected",
              "version": "4.1.92"
            },
            {
              "status": "affected",
              "version": "4.10.343"
            },
            {
              "status": "affected",
              "version": "4.11.211"
            },
            {
              "status": "affected",
              "version": "4.12.236"
            },
            {
              "status": "affected",
              "version": "4.13.200"
            },
            {
              "status": "affected",
              "version": "4.2.42"
            },
            {
              "status": "affected",
              "version": "4.2.75"
            },
            {
              "status": "affected",
              "version": "4.5.224"
            },
            {
              "status": "affected",
              "version": "4.6.197"
            },
            {
              "status": "affected",
              "version": "4.7.78"
            },
            {
              "status": "affected",
              "version": "4.8.170"
            },
            {
              "status": "affected",
              "version": "4.9.205"
            },
            {
              "status": "affected",
              "version": "4.9.252"
            },
            {
              "status": "affected",
              "version": "4.9.269"
            },
            {
              "status": "affected",
              "version": "42.1.0.169"
            },
            {
              "status": "affected",
              "version": "42.1.0.21190"
            },
            {
              "status": "affected",
              "version": "42.1.0.2219"
            },
            {
              "status": "affected",
              "version": "42.10"
            },
            {
              "status": "affected",
              "version": "42.10.0.23814"
            },
            {
              "status": "affected",
              "version": "42.10.0.24000"
            },
            {
              "status": "affected",
              "version": "42.11"
            },
            {
              "status": "affected",
              "version": "42.11.0.24187"
            },
            {
              "status": "affected",
              "version": "42.12"
            },
            {
              "status": "affected",
              "version": "42.12.0.24485"
            },
            {
              "status": "affected",
              "version": "42.2"
            },
            {
              "status": "affected",
              "version": "42.2.0.21338"
            },
            {
              "status": "affected",
              "version": "42.2.0.21486"
            },
            {
              "status": "affected",
              "version": "42.3"
            },
            {
              "status": "affected",
              "version": "42.3.0.21576"
            },
            {
              "status": "affected",
              "version": "42.4.1.22032"
            },
            {
              "status": "affected",
              "version": "42.5.0.22259"
            },
            {
              "status": "affected",
              "version": "42.6"
            },
            {
              "status": "affected",
              "version": "42.6.0.22565"
            },
            {
              "status": "affected",
              "version": "42.6.0.22645"
            },
            {
              "status": "affected",
              "version": "42.7"
            },
            {
              "status": "affected",
              "version": "42.7.0.22904"
            },
            {
              "status": "affected",
              "version": "42.7.0.23054"
            },
            {
              "status": "affected",
              "version": "42.8"
            },
            {
              "status": "affected",
              "version": "42.8.0.23214"
            },
            {
              "status": "affected",
              "version": "42.8.0.23281"
            },
            {
              "status": "affected",
              "version": "42.9"
            },
            {
              "status": "affected",
              "version": "42.9.0.23494"
            },
            {
              "status": "affected",
              "version": "43.1"
            },
            {
              "status": "affected",
              "version": "43.1.0.24716"
            },
            {
              "status": "affected",
              "version": "43.2"
            },
            {
              "status": "affected",
              "version": "43.2.0.25157"
            },
            {
              "status": "affected",
              "version": "43.2.0.25211"
            },
            {
              "status": "affected",
              "version": "43.3"
            },
            {
              "status": "affected",
              "version": "43.3.0.25468"
            },
            {
              "status": "affected",
              "version": "43.4"
            },
            {
              "status": "affected",
              "version": "43.4.0.25788"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "Unprotected Transport of Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T16:32:07.102Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webex-app-ZjNm8X8j",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-app-ZjNm8X8j",
        "defects": [
          "CSCwj36941",
          "CSCwj36943"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20395",
    "datePublished": "2024-07-17T16:32:07.102Z",
    "dateReserved": "2023-11-08T15:08:07.659Z",
    "dateUpdated": "2024-08-01T21:59:42.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4188 (GCVE-0-2024-4188)

Vulnerability from cvelistv5 – Published: 2024-07-30 14:35 – Updated: 2024-08-12 20:09
VLAI
Title
Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.
Summary
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
Impacted products
Vendor Product Version
OpenText™ Documentum™ Server Affected: 16.7 , ≤ 23.4 (custom)
Create a notification for this product.
opentext documentum_content_server Affected: 16.7 , ≤ 23.4 (custom)
    cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "documentum_content_server",
            "vendor": "opentext",
            "versions": [
              {
                "lessThanOrEqual": "23.4",
                "status": "affected",
                "version": "16.7",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T18:17:10.914573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T20:09:00.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:52.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Documentum\u2122 Server",
          "vendor": "OpenText\u2122",
          "versions": [
            {
              "lessThanOrEqual": "23.4",
              "status": "affected",
              "version": "16.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.\u003cp\u003eThis issue affects Documentum\u2122 Server: from 16.7 through 23.4.\u003c/p\u003e"
            }
          ],
          "value": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.This issue affects Documentum\u2122 Server: from 16.7 through 23.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-600",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-600 Credential Stuffing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:A/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-30T14:35:09.650Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0815868\"\u003ehttps://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0815868\u003c/a\u003e\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2024-4188",
    "datePublished": "2024-07-30T14:35:09.650Z",
    "dateReserved": "2024-04-25T14:39:05.124Z",
    "dateUpdated": "2024-08-12T20:09:00.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1509 (GCVE-0-2024-1509)

Vulnerability from cvelistv5 – Published: 2025-02-28 21:52 – Updated: 2025-03-04 19:44
VLAI
Title
Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
Summary
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
Impacted products
Vendor Product Version
Brocade ASCG Affected: before 3.2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T19:44:36.614317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T19:44:55.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ASCG",
          "vendor": "Brocade",
          "versions": [
            {
              "status": "affected",
              "version": "before 3.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections."
            }
          ],
          "value": "Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-157",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-157: Sniffing Attacks"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523: Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T21:52:33.870Z",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2024-1509",
    "datePublished": "2025-02-28T21:52:33.870Z",
    "dateReserved": "2024-02-14T20:17:33.442Z",
    "dateUpdated": "2025-03-04T19:44:55.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1102 (GCVE-0-2024-1102)

Vulnerability from cvelistv5 – Published: 2024-04-25 16:24 – Updated: 2025-11-11 15:53
VLAI
Title
Jberet: jberet-core logging database credentials
Summary
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 2.2.1 (semver)
Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 1.3.9.SP3-redhat-00001 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.2.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.4-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.2.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.4-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Create a notification for this product.
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
Create a notification for this product.
Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
Create a notification for this product.
Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
Create a notification for this product.
Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
Create a notification for this product.
Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
Create a notification for this product.
Date Public
2024-01-29 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1102",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T17:44:29.138829Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:00:15.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:30.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:3580",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3580"
          },
          {
            "name": "RHSA-2024:3581",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3581"
          },
          {
            "name": "RHSA-2024:3583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3583"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1102"
          },
          {
            "name": "RHBZ#2262060",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jberet/jsr352/issues/452"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/jberet/jsr352",
          "defaultStatus": "unaffected",
          "packageName": "jberet",
          "versions": [
            {
              "lessThan": "2.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "affected",
          "packageName": "org.jberet/jberet-core",
          "product": "Red Hat JBoss Enterprise Application Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.3.9.SP3-redhat-00001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "jberet-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-search",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jberet",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.4-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-search",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jberet",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.4-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "unaffected",
          "packageName": "jberet-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "jberet-core",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "jberet-core",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "jberet-core",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "jberet-core",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-adapter-eap6",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-adapter-sso7_2-eap6",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-adapter-sso7_3-eap6",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-adapter-sso7_4-eap6",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-adapter-sso7_5-eap6",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "jberet-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "jberet-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "jberet-core",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-01-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in jberet-core logging. An exception in \u0027dbProperties\u0027 might display user credentials such as the username and password for the database-connection."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:53:53.730Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1677"
        },
        {
          "name": "RHSA-2024:3580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3580"
        },
        {
          "name": "RHSA-2024:3581",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3581"
        },
        {
          "name": "RHSA-2024:3583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3583"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1102"
        },
        {
          "name": "RHBZ#2262060",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262060"
        },
        {
          "url": "https://github.com/jberet/jsr352/issues/452"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-31T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-29T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Jberet: jberet-core logging database credentials",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-523: Unprotected Transport of Credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1102",
    "datePublished": "2024-04-25T16:24:30.245Z",
    "dateReserved": "2024-01-31T07:59:38.413Z",
    "dateUpdated": "2025-11-11T15:53:53.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-31277 (GCVE-0-2023-31277)

Vulnerability from cvelistv5 – Published: 2023-07-06 22:56 – Updated: 2024-11-14 14:04
VLAI
Title
PiiGAB M-Bus Unprotected Transport of Credentials
Summary
PiiGAB M-Bus transmits credentials in plaintext format.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
Impacted products
Vendor Product Version
PiiGAB M-Bus SoftwarePack Affected: 900S
Create a notification for this product.
piigab m-bus_900s Affected: 900s
    cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-07-06 22:42
Credits
Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "m-bus_900s",
            "vendor": "piigab",
            "versions": [
              {
                "status": "affected",
                "version": "900s"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T14:03:22.178626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T14:04:05.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M-Bus SoftwarePack",
          "vendor": "PiiGAB ",
          "versions": [
            {
              "status": "affected",
              "version": "900S"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2023-07-06T22:42:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB M-Bus transmits credentials in plaintext format.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\n\n\n\nPiiGAB M-Bus transmits credentials in plaintext format.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-06T22:56:10.047Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.piigab.se/\"\u003ePiigab.se\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.piigab.com/\"\u003ePiigab.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nPiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from  Piigab.se http://www.piigab.se/ \u00a0or  Piigab.com https://www.piigab.com/ .\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "PiiGAB M-Bus Unprotected Transport of Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure the least-privilege user principle is followed.\u003c/li\u003e\u003cli\u003eSet unique and secure passwords for all products requiring authentication.\u003c/li\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003enot accessible from the Internet\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n  *  Ensure the least-privilege user principle is followed.\n  *  Set unique and secure passwords for all products requiring authentication.\n  *  Minimize network exposure for all control system devices and/or systems, and ensure they are  not accessible from the Internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .\n  *  Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n  *  When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-31277",
    "datePublished": "2023-07-06T22:56:10.047Z",
    "dateReserved": "2023-06-27T16:55:52.752Z",
    "dateUpdated": "2024-11-14T14:04:05.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28708 (GCVE-0-2023-28708)

Vulnerability from cvelistv5 – Published: 2023-03-22 10:10 – Updated: 2025-11-04 19:15
VLAI
Title
Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
Summary
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Tomcat Affected: 11.0.0-M1 , ≤ 11.0.0-M2 (semver)
Affected: 10.1.0-M1 , ≤ 10.1.5 (semver)
Affected: 9.0.0-M1 , ≤ 9.0.71 (semver)
Affected: 8.5.0 , ≤ 8.5.85 (semver)
Unknown: 3 , < 8.5.0 (semver)
Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:15:54.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0012/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T14:33:37.066034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:36:47.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.0-M2",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.5",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.71",
              "status": "affected",
              "version": "9.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.85",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\n\u003cdiv\u003e\n\u003cp\u003eWhen using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u0026nbsp;include the secure attribute. This could result in the user agent\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003etransmitting the session cookie over an insecure channel.\u003cbr\u003e\u003cbr\u003eOlder, EOL versions may also be affected.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\n\u003c/div\u003e"
            }
          ],
          "value": "When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T12:07:09.307Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
        }
      ],
      "source": {
        "defect": [
          "66474"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-28708",
    "datePublished": "2023-03-22T10:10:58.956Z",
    "dateReserved": "2023-03-21T17:26:28.837Z",
    "dateUpdated": "2025-11-04T19:15:54.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-22862 (GCVE-0-2023-22862)

Vulnerability from cvelistv5 – Published: 2023-06-04 23:42 – Updated: 2025-01-08 19:50
VLAI
Title
IBM Aspera information disclosure
Summary
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
ibm
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7001053"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244107"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T19:50:32.687708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T19:50:48.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Connect",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Cargo",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."
            }
          ],
          "value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-27T14:54:37.489Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7001053"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-22862",
    "datePublished": "2023-06-04T23:42:57.221Z",
    "dateReserved": "2023-01-09T15:16:41.368Z",
    "dateUpdated": "2025-01-08T19:50:48.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31805 (GCVE-0-2022-31805)

Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55
VLAI
Title
Insecure transmission of credentials
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
References
Date Public
2022-06-22 22:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Development System",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.3.9.69",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            },
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Gateway Client",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.3.9.38",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Gateway Server",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.3.9.38",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Web server",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V1.1.9.23",
              "status": "affected",
              "version": "V1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS SP Realtime NT",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.3.7.30",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS PLCWinNT",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Runtime Toolkit 32 bit full",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Edge Gateway for Windows",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS HMI (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS OPC DA Server SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS PLCHandler",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Gateway",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.18.30",
              "status": "affected",
              "version": "V3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-22T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
            }
          ],
          "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T12:54:39.506Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#",
          "64140"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Insecure transmission of credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
          "ID": "CVE-2022-31805",
          "STATE": "PUBLIC",
          "TITLE": "Insecure transmission of credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CODESYS Development System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.3.9.69"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Gateway Client",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.3.9.38"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Gateway Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.3.9.38"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Web server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V1",
                            "version_value": "V1.1.9.23"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS SP Realtime NT",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.3.7.30"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS PLCWinNT",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Runtime Toolkit 32 bit full",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Edge Gateway for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS HMI (SL)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS OPC DA Server SL",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS PLCHandler",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CODESYS Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V3",
                            "version_value": "V3.5.18.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CODESYS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-523 Unprotected Transport of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
              "refsource": "CONFIRM",
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
            }
          ]
        },
        "source": {
          "defect": [
            "CERT@VDE#",
            "64140"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-31805",
    "datePublished": "2022-06-24T07:46:15.076Z",
    "dateReserved": "2022-05-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:55:26.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38460 (GCVE-0-2021-38460)

Vulnerability from cvelistv5 – Published: 2021-10-12 13:38 – Updated: 2024-09-17 00:42
VLAI
Title
Moxa MXview Network Management Software
Summary
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CWE
  • CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
Assigner
References
Impacted products
Vendor Product Version
Moxa MXview Network Management Software Affected: 3.x , ≤ 3.2.2 (custom)
Create a notification for this product.
Date Public
2021-10-05 00:00
Credits
Noam Moshe from Claroty reported these vulnerabilities to Moxa.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:44:22.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MXview Network Management Software",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Noam Moshe from Claroty reported these vulnerabilities to Moxa."
        }
      ],
      "datePublic": "2021-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T13:38:11.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Moxa recommends users do the following:\n\nUpgrade to software package v3.2.4 or higher.\nUsers should change their Windows password regularly and use a firewall.\nIf users need to use a multiple-site function, Moxa recommends a firewall to block Port 8883. If users do not have this requirement, Moxa suggests using the firewall to assign the Accessible IP of MXview at the client site."
        }
      ],
      "source": {
        "advisory": "ICSA-21-278-03",
        "discovery": "UNKNOWN"
      },
      "title": "Moxa MXview Network Management Software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-10-05T20:03:00.000Z",
          "ID": "CVE-2021-38460",
          "STATE": "PUBLIC",
          "TITLE": "Moxa MXview Network Management Software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MXview Network Management Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.x",
                            "version_value": "3.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Moxa"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Noam Moshe from Claroty reported these vulnerabilities to Moxa."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Moxa recommends users do the following:\n\nUpgrade to software package v3.2.4 or higher.\nUsers should change their Windows password regularly and use a firewall.\nIf users need to use a multiple-site function, Moxa recommends a firewall to block Port 8883. If users do not have this requirement, Moxa suggests using the firewall to assign the Accessible IP of MXview at the client site."
          }
        ],
        "source": {
          "advisory": "ICSA-21-278-03",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-38460",
    "datePublished": "2021-10-12T13:38:11.412Z",
    "dateReserved": "2021-08-10T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:42:28.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32003 (GCVE-0-2021-32003)

Vulnerability from cvelistv5 – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17
VLAI
Title
Configuration service port remains open 10 minutes after reboot even when already provisioned
Summary
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
CWE
  • CWE-523 - Unprotected Transport of Credentials
Assigner
References
Impacted products
Vendor Product Version
Secomea SiteManager Affected: All , < 9.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:27.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secomea.com/support/cybersecurity-advisory"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Hardware"
          ],
          "product": "SiteManager",
          "vendor": "Secomea",
          "versions": [
            {
              "lessThan": "9.5",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523 Unprotected Transport of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T20:33:30.000Z",
        "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "shortName": "Secomea"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secomea.com/support/cybersecurity-advisory"
        }
      ],
      "source": {
        "defect": [
          "RD-3777"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Configuration service port remains open 10 minutes after reboot even when already provisioned",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "VulnerabilityReporting@secomea.com",
          "ID": "CVE-2021-32003",
          "STATE": "PUBLIC",
          "TITLE": "Configuration service port remains open 10 minutes after reboot even when already provisioned"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SiteManager",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Hardware",
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "9.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Secomea"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-523 Unprotected Transport of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.secomea.com/support/cybersecurity-advisory",
              "refsource": "MISC",
              "url": "https://www.secomea.com/support/cybersecurity-advisory"
            }
          ]
        },
        "source": {
          "defect": [
            "RD-3777"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
    "assignerShortName": "Secomea",
    "cveId": "CVE-2021-32003",
    "datePublished": "2021-08-05T20:33:30.000Z",
    "dateReserved": "2021-05-03T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:17:27.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Operation System Configuration

Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.