Common Weakness Enumeration

CWE-798

Allowed-with-Review

Use of Hard-coded Credentials

Abstraction: Base · Status: Draft

The product contains hard-coded credentials, such as a password or cryptographic key.

2173 vulnerabilities reference this CWE, most recent first.

CVE-2024-27107 (GCVE-0-2024-27107)

Vulnerability from cvelistv5 – Published: 2024-05-14 17:05 – Updated: 2024-08-02 00:27
VLAI
Title
Weak account password in GE HealthCare EchoPAC products
Summary
Weak account password in GE HealthCare EchoPAC products
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
GE HealthCare EchoPAC Software Only Affected: 0 , < 206.82 (custom)
Create a notification for this product.
GE HealthCare ImageVault Affected: 0
Create a notification for this product.
GE HealthCare EchoPAC Turnkey Affected: 0
Create a notification for this product.
gehealthcare image_vault Affected: -
    cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*
Create a notification for this product.
gehealthcare echopac_software Affected: -
    cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*
Create a notification for this product.
gehealthcare echopac_turnkey Affected: -
    cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "image_vault",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "echopac_software",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "echopac_turnkey",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T19:31:36.437377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:35.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:59.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://securityupdate.gehealthcare.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EchoPAC Software Only",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "206.82",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ImageVault",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EchoPAC Turnkey",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Weak account password in GE HealthCare EchoPAC products"
            }
          ],
          "value": "Weak account password in GE HealthCare EchoPAC products"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-70",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T17:05:22.568Z",
        "orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
        "shortName": "GEHC"
      },
      "references": [
        {
          "url": "https://securityupdate.gehealthcare.com/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Weak account password in GE HealthCare EchoPAC products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
    "assignerShortName": "GEHC",
    "cveId": "CVE-2024-27107",
    "datePublished": "2024-05-14T17:05:22.568Z",
    "dateReserved": "2024-02-19T15:22:56.572Z",
    "dateUpdated": "2024-08-02T00:27:59.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23958 (GCVE-0-2024-23958)

Vulnerability from cvelistv5 – Published: 2024-09-28 06:10 – Updated: 2024-10-03 13:48
VLAI
Title
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability
Summary
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
Autel MaxiCharger AC Elite Business C50 Affected: 1.32.00
Create a notification for this product.
autel maxicharger_ac_elite_business_c50_firmware Affected: 0 , < 1.35 (custom)
    cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
autel maxicharger_ac_elite_business_c50_eu_firmware Affected: 0 , < 1.50 (custom)
    cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_eu_firmware:1.50:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-21 23:42
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "maxicharger_ac_elite_business_c50_firmware",
            "vendor": "autel",
            "versions": [
              {
                "lessThan": "1.35",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_eu_firmware:1.50:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "maxicharger_ac_elite_business_c50_eu_firmware",
            "vendor": "autel",
            "versions": [
              {
                "lessThan": "1.50",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T13:48:26.335697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T13:48:39.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MaxiCharger AC Elite Business C50",
          "vendor": "Autel",
          "versions": [
            {
              "status": "affected",
              "version": "1.32.00"
            }
          ]
        }
      ],
      "dateAssigned": "2024-01-25T03:46:00.000Z",
      "datePublic": "2024-06-21T23:42:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAutel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system.\u003c/p\u003e\u003cp\u003eWas ZDI-CAN-23196\u003c/p\u003e"
            }
          ],
          "value": "Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system.\n\nWas ZDI-CAN-23196"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-28T06:10:32.811Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "name": "ZDI-24-852",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-852/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN",
        "lang": "en",
        "value": "Synacktiv (@Synacktiv)"
      },
      "title": "Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2024-23958",
    "datePublished": "2024-09-28T06:10:32.811Z",
    "dateReserved": "2024-01-25T00:14:40.298Z",
    "dateUpdated": "2024-10-03T13:48:39.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23816 (GCVE-0-2024-23816)

Vulnerability from cvelistv5 – Published: 2024-02-13 09:00 – Updated: 2025-05-09 18:28
VLAI
Summary
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:42:02.272695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-09T18:28:24.829Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence Perpetual Large",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence Perpetual Medium",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence Perpetual Non-Prod",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence Perpetual Small",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence SUS Large",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence SUS Medium",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence SUS Non-Prod",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Location Intelligence SUS Small",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions \u003c V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions \u003c V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions \u003c V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions \u003c V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions \u003c V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions \u003c V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions \u003c V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions \u003c V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T09:00:27.125Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-23816",
    "datePublished": "2024-02-13T09:00:27.125Z",
    "dateReserved": "2024-01-22T17:44:56.763Z",
    "dateUpdated": "2025-05-09T18:28:24.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23619 (GCVE-0-2024-23619)

Vulnerability from cvelistv5 – Published: 2024-01-25 23:35 – Updated: 2025-06-16 19:31
VLAI
Title
IBM Merge Healthcare eFilm Workstation Hardcoded Credentials
Summary
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
XI
References
Impacted products
Vendor Product Version
IBM Merge Healthcare eFilm Workstation Affected: 3.1 , ≤ 4.1 (semver)
Create a notification for this product.
Credits
Exodus Intelligence
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-16T19:31:05.788584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-16T19:31:21.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "eFilm Workstation ",
          "vendor": "IBM Merge Healthcare",
          "versions": [
            {
              "lessThanOrEqual": "4.1",
              "status": "affected",
              "version": "3.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Exodus Intelligence"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.\u003cbr\u003e"
            }
          ],
          "value": "A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-54",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-54 Query System for Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T23:35:56.192Z",
        "orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
        "shortName": "XI"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "IBM Merge Healthcare eFilm Workstation Hardcoded Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
    "assignerShortName": "XI",
    "cveId": "CVE-2024-23619",
    "datePublished": "2024-01-25T23:35:56.192Z",
    "dateReserved": "2024-01-18T21:37:15.393Z",
    "dateUpdated": "2025-06-16T19:31:21.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23473 (GCVE-0-2024-23473)

Vulnerability from cvelistv5 – Published: 2024-05-09 12:43 – Updated: 2024-08-01 23:06
VLAI
Title
SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability
Summary
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
SolarWinds Access Rights Manager Affected: previous versions , ≤ 2023.2.3 (2023.2.3)
Create a notification for this product.
solarwinds access_rights_manager Affected: 0 , ≤ 2023.2.3 (custom)
    cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-09 08:48
Credits
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "access_rights_manager",
            "vendor": "solarwinds",
            "versions": [
              {
                "lessThanOrEqual": "2023.2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T15:57:07.286791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T14:53:20.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:24.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23473"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Access Rights Manager",
          "vendor": "SolarWinds",
          "versions": [
            {
              "lessThanOrEqual": "2023.2.3",
              "status": "affected",
              "version": "previous versions",
              "versionType": "2023.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
        }
      ],
      "datePublic": "2024-05-09T08:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. \u003cbr\u003e\u003cbr\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. "
            }
          ],
          "value": "The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. \n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. "
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T12:43:51.111Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23473"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAll SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\u003cbr\u003e"
            }
          ],
          "value": "\nAll SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2024-23473",
    "datePublished": "2024-05-09T12:43:51.111Z",
    "dateReserved": "2024-01-17T16:07:35.068Z",
    "dateUpdated": "2024-08-01T23:06:24.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22313 (GCVE-0-2024-22313)

Vulnerability from cvelistv5 – Published: 2024-02-10 15:43 – Updated: 2025-06-17 21:29
VLAI
Title
IBM Storage Defender - Resiliency Service information disclosure
Summary
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
ibm
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7115261"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278749"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22313",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-11T16:48:18.965666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:29.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Storage Defender - Resiliency Service",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.  IBM X-Force ID:  278749."
            }
          ],
          "value": "IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.  IBM X-Force ID:  278749."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-10T15:43:31.231Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7115261"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278749"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Defender - Resiliency Service information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-22313",
    "datePublished": "2024-02-10T15:43:31.231Z",
    "dateReserved": "2024-01-08T23:41:52.507Z",
    "dateUpdated": "2025-06-17T21:29:29.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21764 (GCVE-0-2024-21764)

Vulnerability from cvelistv5 – Published: 2024-02-01 23:28 – Updated: 2024-10-17 16:01
VLAI
Title
Use of Hard-Coded Credentials in Rapid SCADA
Summary
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Rapid Software LLC Rapid SCADA Affected: 0 , ≤ 5.8.4 (custom)
Create a notification for this product.
Credits
Noam Moshe of Claroty Research reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rapidscada.org/contact/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T16:00:24.815608Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T16:01:00.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Rapid SCADA",
          "vendor": "Rapid Software LLC",
          "versions": [
            {
              "lessThanOrEqual": "5.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Noam Moshe of Claroty Research reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Rapid Software LLC\u0027s Rapid SCADA versions prior to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersion 5.8.4, the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eproduct uses hard-coded credentials, which may allow an attacker to connect to a specific port.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Rapid Software LLC\u0027s Rapid SCADA versions prior to\u00a0Version 5.8.4, the\u00a0product uses hard-coded credentials, which may allow an attacker to connect to a specific port.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T23:28:32.698Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"
        },
        {
          "url": "https://rapidscada.org/contact/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use of Hard-Coded Credentials in Rapid SCADA",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nRapid Software did not respond to CISA\u0027s attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Rapid Software did not respond to CISA\u0027s attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-21764",
    "datePublished": "2024-02-01T23:28:32.698Z",
    "dateReserved": "2024-01-05T21:39:05.426Z",
    "dateUpdated": "2024-10-17T16:01:00.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11630 (GCVE-0-2024-11630)

Vulnerability from cvelistv5 – Published: 2024-11-22 22:00 – Updated: 2024-11-25 21:23
VLAI
Title
E-Lins H685/H685f/H700/H720/H750/H820/H820Q/H820Q0/H900 OEM Backend hard-coded credentials
Summary
A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
E-Lins H685 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H685f Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H700 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H720 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H750 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H820 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H820Q Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H820Q0 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
E-Lins H900 Affected: 3.0
Affected: 3.1
Affected: 3.2
Create a notification for this product.
e-lins h685 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h685:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h685f Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h685f:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h700 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h700:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h720 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h720:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h750 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h750:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h820 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h820:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h820q Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h820q:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h820q0 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h820q0:*:*:*:*:*:*:*:*
Create a notification for this product.
e-lins h900 Affected: 3.0
Affected: 3.1
Affected: 3.2
    cpe:2.3:a:e-lins:h900:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
liutong (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h685:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h685",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h685f:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h685f",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h700:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h700",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h720:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h720",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h750:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h750",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h820:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h820",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h820q:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h820q",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h820q0:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h820q0",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:e-lins:h900:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "h900",
            "vendor": "e-lins",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              },
              {
                "status": "affected",
                "version": "3.1"
              },
              {
                "status": "affected",
                "version": "3.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11630",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T21:06:04.277733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T21:23:06.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H685",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H685f",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H700",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H720",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H750",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H820",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H820Q",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H820Q0",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        },
        {
          "modules": [
            "OEM Backend"
          ],
          "product": "H900",
          "vendor": "E-Lins",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "liutong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 bis 3.2 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente OEM Backend. Durch Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme werden Anpassungen an der Konfiguration empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T22:00:07.324Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-285916 | E-Lins H685/H685f/H700/H720/H750/H820/H820Q/H820Q0/H900 OEM Backend hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.285916"
        },
        {
          "name": "VDB-285916 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.285916"
        },
        {
          "name": "Submit #444738 | E-Lins Technology E-Lins H685 Routers \u003c=v3.2.337 Hard-coded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.444738"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/I3eg1nner/iot-vuln/blob/main/E-lins/Hard-Coded%20Credential%20Vulnerability%20in%20E-Lins%20Routers.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-22T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-22T18:05:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "E-Lins H685/H685f/H700/H720/H750/H820/H820Q/H820Q0/H900 OEM Backend hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-11630",
    "datePublished": "2024-11-22T22:00:07.324Z",
    "dateReserved": "2024-11-22T17:00:20.839Z",
    "dateUpdated": "2024-11-25T21:23:06.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11147 (GCVE-0-2024-11147)

Vulnerability from cvelistv5 – Published: 2025-01-23 16:37 – Updated: 2025-02-12 17:07
VLAI
Title
ECOVACS lawnmowers and vacuums deterministic root password
Summary
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Date Public
2023-12-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11147",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T16:54:55.367221Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:07:28.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Unspecified robots",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "datePublic": "2023-12-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-23T16:37:54.479Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
        },
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
        },
        {
          "name": "url",
          "url": "https://builder.dontvacuum.me/ecopassword.php"
        }
      ],
      "title": "ECOVACS lawnmowers and vacuums deterministic root password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-11147",
    "datePublished": "2025-01-23T16:37:54.479Z",
    "dateReserved": "2024-11-12T15:39:13.966Z",
    "dateUpdated": "2025-02-12T17:07:28.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10451 (GCVE-0-2024-10451)

Vulnerability from cvelistv5 – Published: 2024-11-25 07:37 – Updated: 2025-11-11 16:08
VLAI
Title
Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process
Summary
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:10175 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10176 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10177 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10178 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-10451 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2322096 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.9-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 24 Unaffected: 24-18 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 24.0.9     cpe:/a:redhat:build_keycloak:24
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.6-2 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-5 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.0.6     cpe:/a:redhat:build_keycloak:26
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
Create a notification for this product.
Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
Create a notification for this product.
Date Public
2024-11-21 16:55
Credits
Red Hat would like to thank Steven Hawkins for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T16:00:10.921097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T16:00:38.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.9-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat build of Keycloak 24.0.9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat build of Keycloak 26.0.6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Steven Hawkins for reporting this issue."
        }
      ],
      "datePublic": "2024-11-21T16:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:08:35.556Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10175"
        },
        {
          "name": "RHSA-2024:10176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10176"
        },
        {
          "name": "RHSA-2024:10177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10177"
        },
        {
          "name": "RHSA-2024:10178",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10178"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10451"
        },
        {
          "name": "RHBZ#2322096",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322096"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-28T07:27:41.800Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-11-21T16:55:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process",
      "x_redhatCweChain": "CWE-798: Use of Hard-coded Credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10451",
    "datePublished": "2024-11-25T07:37:05.161Z",
    "dateReserved": "2024-10-28T07:34:31.748Z",
    "dateUpdated": "2025-11-11T16:08:35.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
  • In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation
Architecture and Design

For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.

Mitigation
Architecture and Design

If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.

Mitigation
Architecture and Design
  • For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
  • Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Architecture and Design
  • For front-end to back-end connections: Three solutions are possible, although none are complete.
  • The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
  • Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
  • Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable

An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.

CAPEC-70: Try Common or Default Usernames and Passwords

An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.