Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1576 | 1 Cisco | 1 Business Process Automation | 2023-11-07 | 4.0 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. | |||||
| CVE-2021-1574 | 1 Cisco | 1 Business Process Automation | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. | |||||
| CVE-2020-36547 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | |||||
| CVE-2020-26892 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | |||||
| CVE-2020-24115 | 1 Online Book Store Project | 1 Online Book Store | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | |||||
| CVE-2020-1764 | 2 Kiali, Redhat | 2 Kiali, Openshift Service Mesh | 2023-11-07 | 7.5 HIGH | 8.6 HIGH |
| A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | |||||
| CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | |||||
| CVE-2020-11854 | 1 Microfocus | 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution. | |||||
| CVE-2019-12797 | 1 Elmelectronics | 2 Elm27, Elm27 Firmware | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | |||||
| CVE-2019-10712 | 1 Wago | 32 750-330, 750-330 Firmware, 750-352 and 29 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | |||||
| CVE-2019-10011 | 1 Jenzabar | 1 Internet Campus Solution | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | |||||
| CVE-2016-9013 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. | |||||
| CVE-2023-41372 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-11-06 | N/A | 7.8 HIGH |
| The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair | |||||
| CVE-2023-46102 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-11-06 | N/A | 8.8 HIGH |
| The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | |||||
| CVE-2023-26219 | 1 Tibco | 4 Hawk, Hawk Distribution For Tibco Silver Fabric, Operational Intelligence Hawk Redtail and 1 more | 2023-11-02 | N/A | 8.8 HIGH |
| The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. | |||||
| CVE-2023-42492 | 1 Busbaer | 1 Eisbaer Scada | 2023-11-01 | N/A | 9.8 CRITICAL |
| EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | |||||
| CVE-2023-45194 | 1 Mrl | 14 Mr-gm2, Mr-gm2 Firmware, Mr-gm3-d and 11 more | 2023-10-31 | N/A | 4.3 MEDIUM |
| Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | |||||
| CVE-2023-31581 | 1 Dromara | 1 Sureness | 2023-10-31 | N/A | 9.8 CRITICAL |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | |||||
| CVE-2022-22466 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 9.8 CRITICAL |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | |||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2023-10-19 | N/A | 7.5 HIGH |
| SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | |||||