CWE-523
AllowedUnprotected Transport of Credentials
Abstraction: Base · Status: Incomplete
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
40 vulnerabilities reference this CWE, most recent first.
CVE-2024-20395 (GCVE-0-2024-20395)
Vulnerability from cvelistv5 – Published: 2024-07-17 16:32 – Updated: 2024-08-01 21:59- CWE-523 - Unprotected Transport of Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Webex Teams |
Affected:
3.0.13464.0
Affected: 3.0.13538.0 Affected: 3.0.13588.0 Affected: 3.0.14154.0 Affected: 3.0.14234.0 Affected: 3.0.14375.0 Affected: 3.0.14741.0 Affected: 3.0.14866.0 Affected: 3.0.15015.0 Affected: 3.0.15036.0 Affected: 3.0.15092.0 Affected: 3.0.15131.0 Affected: 3.0.15164.0 Affected: 3.0.15221.0 Affected: 3.0.15333.0 Affected: 3.0.15410.0 Affected: 3.0.15485.0 Affected: 3.0.15645.0 Affected: 3.0.15711.0 Affected: 3.0.16040.0 Affected: 3.0.16269.0 Affected: 3.0.16273.0 Affected: 3.0.16285.0 Affected: 4.0 Affected: 4.1 Affected: 4.10 Affected: 4.12 Affected: 4.13 Affected: 4.14 Affected: 4.15 Affected: 4.16 Affected: 4.17 Affected: 4.18 Affected: 4.19 Affected: 4.2 Affected: 4.20 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.8 Affected: 4.9 Affected: 4.1.57 Affected: 4.1.92 Affected: 4.10.343 Affected: 4.11.211 Affected: 4.12.236 Affected: 4.13.200 Affected: 4.2.42 Affected: 4.2.75 Affected: 4.5.224 Affected: 4.6.197 Affected: 4.7.78 Affected: 4.8.170 Affected: 4.9.205 Affected: 4.9.252 Affected: 4.9.269 Affected: 42.1.0.169 Affected: 42.1.0.21190 Affected: 42.1.0.2219 Affected: 42.10 Affected: 42.10.0.23814 Affected: 42.10.0.24000 Affected: 42.11 Affected: 42.11.0.24187 Affected: 42.12 Affected: 42.12.0.24485 Affected: 42.2 Affected: 42.2.0.21338 Affected: 42.2.0.21486 Affected: 42.3 Affected: 42.3.0.21576 Affected: 42.4.1.22032 Affected: 42.5.0.22259 Affected: 42.6 Affected: 42.6.0.22565 Affected: 42.6.0.22645 Affected: 42.7 Affected: 42.7.0.22904 Affected: 42.7.0.23054 Affected: 42.8 Affected: 42.8.0.23214 Affected: 42.8.0.23281 Affected: 42.9 Affected: 42.9.0.23494 Affected: 43.1 Affected: 43.1.0.24716 Affected: 43.2 Affected: 43.2.0.25157 Affected: 43.2.0.25211 Affected: 43.3 Affected: 43.3.0.25468 Affected: 43.4 Affected: 43.4.0.25788 |
|
| cisco | webex_teams |
Affected:
3.0.13464.0
Affected: 3.0.13538.0 Affected: 3.0.13588.0 Affected: 3.0.14154.0 Affected: 3.0.14234.0 Affected: 3.0.14375.0 Affected: 3.0.14741.0 Affected: 3.0.14866.0 Affected: 3.0.15015.0 Affected: 3.0.15036.0 Affected: 3.0.15092.0 Affected: 3.0.15131.0 Affected: 3.0.15164.0 Affected: 3.0.15221.0 Affected: 3.0.15333.0 Affected: 3.0.15410.0 Affected: 3.0.15485.0 Affected: 3.0.15645.0 Affected: 3.0.15711.0 Affected: 3.0.16040.0 Affected: 3.0.16269.0 Affected: 3.0.16273.0 Affected: 3.0.16285.0 Affected: 4.0 Affected: 4.1 Affected: 4.10 Affected: 4.12 Affected: 4.13 Affected: 4.14 Affected: 4.15 Affected: 4.16 Affected: 4.17 Affected: 4.18 Affected: 4.19 Affected: 4.2 Affected: 4.20 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.8 Affected: 4.9 Affected: 4.1.57 Affected: 4.1.92 Affected: 4.10.343 Affected: 4.11.211 Affected: 4.12.236 Affected: 4.13.200 Affected: 4.2.42 Affected: 4.2.75 Affected: 4.5.224 Affected: 4.6.197 Affected: 4.7.78 Affected: 4.8.170 Affected: 4.9.205 Affected: 4.9.252 Affected: 4.9.269 Affected: 42.1.0.169 Affected: 42.1.0.21190 Affected: 42.1.0.2219 Affected: 42.10 Affected: 42.10.0.23814 Affected: 42.10.0.24000 Affected: 42.11 Affected: 42.11.0.24187 Affected: 42.12 Affected: 42.12.0.24485 Affected: 42.2 Affected: 42.2.0.21338 Affected: 42.2.0.21486 Affected: 42.3 Affected: 42.3.0.21576 Affected: 42.4.1.22032 Affected: 42.5.0.22259 Affected: 42.6 Affected: 42.6.0.22565 Affected: 42.6.0.22645 Affected: 42.7 Affected: 42.7.0.22904 Affected: 42.7.0.23054 Affected: 42.8 Affected: 42.8.0.23214 Affected: 42.8.0.23281 Affected: 42.9 Affected: 42.9.0.23494 Affected: 43.1 Affected: 43.1.0.24716 Affected: 43.2 Affected: 43.2.0.25157 Affected: 43.2.0.25211 Affected: 43.3 Affected: 43.3.0.25468 Affected: 43.4 Affected: 43.4.0.25788 cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webex_teams",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:23.962265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:23:45.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Teams",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "Unprotected Transport of Credentials",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T16:32:07.102Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"defects": [
"CSCwj36941",
"CSCwj36943"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20395",
"datePublished": "2024-07-17T16:32:07.102Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-01T21:59:42.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4188 (GCVE-0-2024-4188)
Vulnerability from cvelistv5 – Published: 2024-07-30 14:35 – Updated: 2024-08-12 20:09- CWE-523 - Unprotected Transport of Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText™ | Documentum™ Server |
Affected:
16.7 , ≤ 23.4
(custom)
|
|
| opentext | documentum_content_server |
Affected:
16.7 , ≤ 23.4
(custom)
cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "documentum_content_server",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "23.4",
"status": "affected",
"version": "16.7",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:17:10.914573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:09:00.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Documentum\u2122 Server",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "23.4",
"status": "affected",
"version": "16.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.\u003cp\u003eThis issue affects Documentum\u2122 Server: from 16.7 through 23.4.\u003c/p\u003e"
}
],
"value": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.This issue affects Documentum\u2122 Server: from 16.7 through 23.4."
}
],
"impacts": [
{
"capecId": "CAPEC-600",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-600 Credential Stuffing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:A/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:35:09.650Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0815868\"\u003ehttps://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0815868\u003c/a\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4188",
"datePublished": "2024-07-30T14:35:09.650Z",
"dateReserved": "2024-04-25T14:39:05.124Z",
"dateUpdated": "2024-08-12T20:09:00.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1509 (GCVE-0-2024-1509)
Vulnerability from cvelistv5 – Published: 2025-02-28 21:52 – Updated: 2025-03-04 19:44- CWE-523 - Unprotected Transport of Credentials
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:44:36.614317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:44:55.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ASCG",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before 3.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brocade ASCG before 3.2.0 Web Interface is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections."
}
],
"value": "Brocade ASCG before 3.2.0 Web Interface is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157: Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523: Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:52:33.870Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2024-1509",
"datePublished": "2025-02-28T21:52:33.870Z",
"dateReserved": "2024-02-14T20:17:33.442Z",
"dateUpdated": "2025-03-04T19:44:55.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1102 (GCVE-0-2024-1102)
Vulnerability from cvelistv5 – Published: 2024-04-25 16:24 – Updated: 2025-11-11 15:53| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:1677 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3580 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3581 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3583 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-1102 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262060 | issue-trackingx_refsource_REDHAT |
| https://github.com/jberet/jsr352/issues/452 |
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 2.2.1
(semver)
|
|||
| Red Hat | Red Hat JBoss Enterprise Application Platform |
Unaffected:
1.3.9.SP3-redhat-00001 , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:6.2.2-1.Final_redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:2.1.4-1.Final_redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:6.2.2-1.Final_redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:2.1.4-1.Final_redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Data Grid 7 |
cpe:/a:redhat:jboss_data_grid:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 |
cpe:/a:redhat:jboss_enterprise_application_platform:6 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T17:44:29.138829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:15.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:3580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3580"
},
{
"name": "RHSA-2024:3581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3581"
},
{
"name": "RHSA-2024:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3583"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1102"
},
{
"name": "RHBZ#2262060",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262060"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jberet/jsr352/issues/452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/jberet/jsr352",
"defaultStatus": "unaffected",
"packageName": "jberet",
"versions": [
{
"lessThan": "2.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "affected",
"packageName": "org.jberet/jberet-core",
"product": "Red Hat JBoss Enterprise Application Platform",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.3.9.SP3-redhat-00001",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
],
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-hibernate-search",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.2-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-jberet",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.1.4-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-hibernate-search",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.2-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-jberet",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.1.4-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unknown",
"packageName": "jberet-core",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
],
"defaultStatus": "unknown",
"packageName": "jberet-core",
"product": "Red Hat JBoss Data Grid 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "jberet-core",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "keycloak-adapter-eap6",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "keycloak-adapter-sso7_2-eap6",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "keycloak-adapter-sso7_3-eap6",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "keycloak-adapter-sso7_4-eap6",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "keycloak-adapter-sso7_5-eap6",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "org.keycloak-keycloak-parent",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
],
"defaultStatus": "unknown",
"packageName": "rh-sso7-keycloak",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"packageName": "jberet-core",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in jberet-core logging. An exception in \u0027dbProperties\u0027 might display user credentials such as the username and password for the database-connection."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T15:53:53.730Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"name": "RHSA-2024:3580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3580"
},
{
"name": "RHSA-2024:3581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3581"
},
{
"name": "RHSA-2024:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3583"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1102"
},
{
"name": "RHBZ#2262060",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262060"
},
{
"url": "https://github.com/jberet/jsr352/issues/452"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-31T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-29T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Jberet: jberet-core logging database credentials",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-523: Unprotected Transport of Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-1102",
"datePublished": "2024-04-25T16:24:30.245Z",
"dateReserved": "2024-01-31T07:59:38.413Z",
"dateUpdated": "2025-11-11T15:53:53.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31277 (GCVE-0-2023-31277)
Vulnerability from cvelistv5 – Published: 2023-07-06 22:56 – Updated: 2024-11-14 14:04- CWE-523 - Unprotected Transport of Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| PiiGAB | M-Bus SoftwarePack |
Affected:
900S
|
|
| piigab | m-bus_900s |
Affected:
900s
cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "m-bus_900s",
"vendor": "piigab",
"versions": [
{
"status": "affected",
"version": "900s"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:03:22.178626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:04:05.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "M-Bus SoftwarePack",
"vendor": "PiiGAB ",
"versions": [
{
"status": "affected",
"version": "900S"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-07-06T22:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB M-Bus transmits credentials in plaintext format.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\n\n\nPiiGAB M-Bus transmits credentials in plaintext format.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T22:56:10.047Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.piigab.se/\"\u003ePiigab.se\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.piigab.com/\"\u003ePiigab.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from Piigab.se http://www.piigab.se/ \u00a0or Piigab.com https://www.piigab.com/ .\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PiiGAB M-Bus Unprotected Transport of Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure the least-privilege user principle is followed.\u003c/li\u003e\u003cli\u003eSet unique and secure passwords for all products requiring authentication.\u003c/li\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003enot accessible from the Internet\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Ensure the least-privilege user principle is followed.\n * Set unique and secure passwords for all products requiring authentication.\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-31277",
"datePublished": "2023-07-06T22:56:10.047Z",
"dateReserved": "2023-06-27T16:55:52.752Z",
"dateUpdated": "2024-11-14T14:04:05.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28708 (GCVE-0-2023-28708)
Vulnerability from cvelistv5 – Published: 2023-03-22 10:10 – Updated: 2025-11-04 19:15- CWE-523 - Unprotected Transport of Credentials
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/hdksc59z3s7tm39x0… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2023033… |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.0-M2
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.5 (semver) Affected: 9.0.0-M1 , ≤ 9.0.71 (semver) Affected: 8.5.0 , ≤ 8.5.85 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:15:54.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230331-0012/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:33:37.066034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:36:47.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M2",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.5",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.71",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.85",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\u003cdiv\u003e\n\u003cp\u003eWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u0026nbsp;include the secure attribute. This could result in the user agent\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003etransmitting the session cookie over an insecure channel.\u003cbr\u003e\u003cbr\u003eOlder, EOL versions may also be affected.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\n\u003c/div\u003e"
}
],
"value": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T12:07:09.307Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"source": {
"defect": [
"66474"
],
"discovery": "UNKNOWN"
},
"title": "Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-28708",
"datePublished": "2023-03-22T10:10:58.956Z",
"dateReserved": "2023-03-21T17:26:28.837Z",
"dateUpdated": "2025-11-04T19:15:54.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22862 (GCVE-0-2023-22862)
Vulnerability from cvelistv5 – Published: 2023-06-04 23:42 – Updated: 2025-01-08 19:50- CWE-523 - Unprotected Transport of Credentials
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7001053 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera Connect |
Affected:
4.2.5
|
|
| IBM | Aspera Cargo |
Affected:
4.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7001053"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244107"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T19:50:32.687708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T19:50:48.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aspera Connect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aspera Cargo",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."
}
],
"value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T14:54:37.489Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7001053"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-22862",
"datePublished": "2023-06-04T23:42:57.221Z",
"dateReserved": "2023-01-09T15:16:41.368Z",
"dateUpdated": "2025-01-08T19:50:48.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31805 (GCVE-0-2022-31805)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55- CWE-523 - Unprotected Transport of Credentials
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Development System |
Affected:
V2 , < V2.3.9.69
(custom)
Affected: V3 , < V3.5.18.30 (custom) |
|
| CODESYS | CODESYS Gateway Client |
Affected:
V2 , < V2.3.9.38
(custom)
|
|
| CODESYS | CODESYS Gateway Server |
Affected:
V2 , < V2.3.9.38
(custom)
|
|
| CODESYS | CODESYS Web server |
Affected:
V1 , < V1.1.9.23
(custom)
|
|
| CODESYS | CODESYS SP Realtime NT |
Affected:
V2 , < V2.3.7.30
(custom)
|
|
| CODESYS | CODESYS PLCWinNT |
Affected:
V2 , < V2.4.7.57
(custom)
|
|
| CODESYS | CODESYS Runtime Toolkit 32 bit full |
Affected:
V2 , < V2.4.7.57
(custom)
|
|
| CODESYS | CODESYS Edge Gateway for Windows |
Affected:
V3 , < V3.5.18.30
(custom)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
V3 , < V3.5.18.30
(custom)
|
|
| CODESYS | CODESYS OPC DA Server SL |
Affected:
V3 , < V3.5.18.30
(custom)
|
|
| CODESYS | CODESYS PLCHandler |
Affected:
V3 , < V3.5.18.30
(custom)
|
|
| CODESYS | CODESYS Gateway |
Affected:
V3 , < V3.5.18.30
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.69",
"status": "affected",
"version": "V2",
"versionType": "custom"
},
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Client",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Web server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.9.23",
"status": "affected",
"version": "V1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS SP Realtime NT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.7.30",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
}
],
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T12:54:39.506Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
},
"title": "Insecure transmission of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
"ID": "CVE-2022-31805",
"STATE": "PUBLIC",
"TITLE": "Insecure transmission of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Development System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.69"
},
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Web server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V1",
"version_value": "V1.1.9.23"
}
]
}
},
{
"product_name": "CODESYS SP Realtime NT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.7.30"
}
]
}
},
{
"product_name": "CODESYS PLCWinNT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Runtime Toolkit 32 bit full",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31805",
"datePublished": "2022-06-24T07:46:15.076Z",
"dateReserved": "2022-05-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:55:26.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38460 (GCVE-0-2021-38460)
Vulnerability from cvelistv5 – Published: 2021-10-12 13:38 – Updated: 2024-09-17 00:42- CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | MXview Network Management Software |
Affected:
3.x , ≤ 3.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MXview Network Management Software",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe from Claroty reported these vulnerabilities to Moxa."
}
],
"datePublic": "2021-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T13:38:11.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
}
],
"solutions": [
{
"lang": "en",
"value": "Moxa recommends users do the following:\n\nUpgrade to software package v3.2.4 or higher.\nUsers should change their Windows password regularly and use a firewall.\nIf users need to use a multiple-site function, Moxa recommends a firewall to block Port 8883. If users do not have this requirement, Moxa suggests using the firewall to assign the Accessible IP of MXview at the client site."
}
],
"source": {
"advisory": "ICSA-21-278-03",
"discovery": "UNKNOWN"
},
"title": "Moxa MXview Network Management Software",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T20:03:00.000Z",
"ID": "CVE-2021-38460",
"STATE": "PUBLIC",
"TITLE": "Moxa MXview Network Management Software"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MXview Network Management Software",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.x",
"version_value": "3.2.2"
}
]
}
}
]
},
"vendor_name": "Moxa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe from Claroty reported these vulnerabilities to Moxa."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "Moxa recommends users do the following:\n\nUpgrade to software package v3.2.4 or higher.\nUsers should change their Windows password regularly and use a firewall.\nIf users need to use a multiple-site function, Moxa recommends a firewall to block Port 8883. If users do not have this requirement, Moxa suggests using the firewall to assign the Accessible IP of MXview at the client site."
}
],
"source": {
"advisory": "ICSA-21-278-03",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38460",
"datePublished": "2021-10-12T13:38:11.412Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:42:28.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32003 (GCVE-0-2021-32003)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17- CWE-523 - Unprotected Transport of Credentials
| URL | Tags |
|---|---|
| https://www.secomea.com/support/cybersecurity-advisory | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Secomea | SiteManager |
Affected:
All , < 9.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:27.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Hardware"
],
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThan": "9.5",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:33:30.000Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory"
}
],
"source": {
"defect": [
"RD-3777"
],
"discovery": "INTERNAL"
},
"title": "Configuration service port remains open 10 minutes after reboot even when already provisioned",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"ID": "CVE-2021-32003",
"STATE": "PUBLIC",
"TITLE": "Configuration service port remains open 10 minutes after reboot even when already provisioned"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"platform": "Hardware",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secomea.com/support/cybersecurity-advisory",
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory"
}
]
},
"source": {
"defect": [
"RD-3777"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2021-32003",
"datePublished": "2021-08-05T20:33:30.000Z",
"dateReserved": "2021-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:27.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.