Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4188 | 2024-07-30 | N/A | N/A | ||
| Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. | |||||
| CVE-2024-20395 | 2024-07-18 | N/A | 6.4 MEDIUM | ||
| A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user. | |||||
| CVE-2023-28708 | 1 Apache | 1 Tomcat | 2023-11-07 | N/A | 4.3 MEDIUM |
| When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | |||||
| CVE-2023-31277 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2023-07-13 | N/A | 7.5 HIGH |
| PiiGAB M-Bus transmits credentials in plaintext format. | |||||
| CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2023-05-16 | 2.9 LOW | 8.8 HIGH |
| An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | |||||
| CVE-2022-31805 | 1 Codesys | 10 Development System, Edge Gateway, Gateway and 7 more | 2023-05-09 | 4.3 MEDIUM | 7.5 HIGH |
| In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | |||||
| CVE-2021-38460 | 1 Moxa | 1 Mxview | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
| CVE-2021-32003 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
| CVE-2020-25175 | 1 Gehealthcare | 224 1.5t Brivo Mr355, 1.5t Brivo Mr355 Firmware, 3.0t Signa Hd 16 and 221 more | 2021-04-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | |||||