• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-522

CVE-2019-5627

February 26, 2023 by

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app.

CVE-2019-5648

February 26, 2023 by

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.

CVE-2019-5615

February 26, 2023 by

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49.

CVE-2019-5534

February 26, 2023 by

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

CVE-2019-5505

February 26, 2023 by

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.

CVE-2019-4693

February 26, 2023 by

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 47
  • Go to page 48
  • Go to page 49
  • Go to page 50
  • Go to page 51
  • Interim pages omitted …
  • Go to page 117
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE