CWE-257
Storing Passwords in a Recoverable Format
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CVE-2025-57796 (GCVE-0-2025-57796)
Vulnerability from cvelistv5 – Published: 2026-01-28 17:47 – Updated: 2026-01-28 18:11
VLAI
Title
Use of a hardcoded static key to protect sensitive data in Explorance Blue
Summary
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
Severity
6.8 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.explorance.com/products/blue | product |
| https://online-help.explorance.com/blue/articles/… | vendor-advisory |
| https://online-help.explorance.com/blue/articles/… | vendor-advisory |
| https://github.com/mandiant/Vulnerability-Disclos… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Explorance | Blue |
Affected:
0 , < 8.14.12
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T18:10:56.263409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T18:11:13.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Blue",
"vendor": "Explorance",
"versions": [
{
"lessThan": "8.14.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulrahman Nour, Mandiant"
},
{
"lang": "en",
"type": "reporter",
"value": "Abdulrahman Nour, Mandiant"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained."
}
],
"value": "Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257:Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T17:49:50.244Z",
"orgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"shortName": "Mandiant"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.explorance.com/products/blue"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57796"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of a hardcoded static key to protect sensitive data in Explorance Blue",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"assignerShortName": "Mandiant",
"cveId": "CVE-2025-57796",
"datePublished": "2026-01-28T17:47:56.607Z",
"dateReserved": "2025-08-19T19:08:41.742Z",
"dateUpdated": "2026-01-28T18:11:13.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58049 (GCVE-0-2025-58049)
Vulnerability from cvelistv5 – Published: 2025-08-28 17:43 – Updated: 2025-08-28 18:15
VLAI
Title
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1.
Severity
5.8 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/60… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-23151 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 14.4.2, < 16.4.8
Affected: >= 16.5.0-rc-1, < 16.10.7 Affected: >= 17.0.0-rc-1, < 17.4.0-rc-1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:15:42.371947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:15:47.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 14.4.2, \u003c 16.4.8"
},
{
"status": "affected",
"version": "\u003e= 16.5.0-rc-1, \u003c 16.10.7"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-rc-1, \u003c 17.4.0-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn\u0027t store passwords in plain text, and it shouldn\u0027t be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:43:39.779Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-23151",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23151"
}
],
"source": {
"advisory": "GHSA-9m7c-m33f-3429",
"discovery": "UNKNOWN"
},
"title": "XWiki PDF export jobs store sensitive cookies unencrypted in job statuses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58049",
"datePublished": "2025-08-28T17:43:39.779Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-08-28T18:15:47.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6995 (GCVE-0-2025-6995)
Vulnerability from cvelistv5 – Published: 2025-07-08 14:45 – Updated: 2025-07-08 15:54
VLAI
Title
Improper Encryption in Ivanti Endpoint Manager
Summary
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Severity
8.4 (High)
CWE
- CWE-257 - : Storing Passwords in a Recoverable Format
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | Endpoint Manager |
Unaffected:
2024 SU3
Unaffected: 2022 SU8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T15:54:42.691966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:54:49.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2024 SU3"
},
{
"status": "unaffected",
"version": "2022 SU8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-97",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-97 Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 : Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:45:58.457Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Encryption in Ivanti Endpoint Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-6995",
"datePublished": "2025-07-08T14:45:44.989Z",
"dateReserved": "2025-07-01T21:36:24.607Z",
"dateUpdated": "2025-07-08T15:54:49.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6996 (GCVE-0-2025-6996)
Vulnerability from cvelistv5 – Published: 2025-07-08 14:51 – Updated: 2025-07-08 15:14
VLAI
Title
Improper Encryption in Ivanti Endpoint Manager
Summary
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Severity
8.4 (High)
CWE
- CWE-257 - : Storing Passwords in a Recoverable Format
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | Endpoint Manager |
Unaffected:
2024 SU3
Unaffected: 2022 SU8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T15:14:01.674255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:14:08.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2024 SU3"
},
{
"status": "unaffected",
"version": "2022 SU8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords.\u0026nbsp;"
}
],
"value": "Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-97",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-97 Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 : Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:51:10.053Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Encryption in Ivanti Endpoint Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-6996",
"datePublished": "2025-07-08T14:51:04.446Z",
"dateReserved": "2025-07-01T21:36:25.728Z",
"dateUpdated": "2025-07-08T15:14:08.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8095 (GCVE-0-2025-8095)
Vulnerability from cvelistv5 – Published: 2026-04-14 13:13 – Updated: 2026-04-15 03:58
VLAI
Title
Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge
Summary
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | OpenEdge |
Affected:
12.2.0 , ≤ 12.2.18
(custom)
Affected: 12.8.0 , ≤ 12.8.9 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:13.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"OpenEdge Platform Prefix Encodings"
],
"platforms": [
"Windows",
"Linux",
"64 bit",
"32 bit"
],
"product": "OpenEdge",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThanOrEqual": "12.2.18",
"status": "affected",
"version": "12.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.8.9",
"status": "affected",
"version": "12.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Riedmaier, Siemens Energy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cspan\u003eThe OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. \u0026nbsp;It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. \u0026nbsp;OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. \u00a0It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. \u00a0OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:Y/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:13:43.739Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-8095",
"datePublished": "2026-04-14T13:13:43.739Z",
"dateReserved": "2025-07-23T16:36:12.176Z",
"dateUpdated": "2026-04-15T03:58:13.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8307 (GCVE-0-2025-8307)
Vulnerability from cvelistv5 – Published: 2026-01-08 13:43 – Updated: 2026-01-08 14:18
VLAI
Title
Recoverable passwords in Asseco Infomedica Plus
Summary
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.
This vulnerability has been fixed in versions 4.50.1 and 5.38.0
Severity
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2026/01/CVE-2025-8306/ | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Asseco | InfoMedica Plus |
Affected:
5.0.0 , < 5.38.0
(semver)
Affected: 4.0.0 , < 4.50.1 (semver) |
Date Public
2026-01-08 10:11
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:18:46.776974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T14:18:51.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InfoMedica Plus",
"vendor": "Asseco",
"versions": [
{
"lessThan": "5.38.0",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThan": "4.50.1",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maciej Kazulak"
}
],
"datePublic": "2026-01-08T10:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u0026nbsp;\u003cbr\u003eThis vulnerability has been fixed in versions\u0026nbsp;4.50.1 and 5.38.0"
}
],
"value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u00a0\nThis vulnerability has been fixed in versions\u00a04.50.1 and 5.38.0"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T13:43:37.330Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Recoverable passwords in Asseco Infomedica Plus",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-8307",
"datePublished": "2026-01-08T13:43:37.330Z",
"dateReserved": "2025-07-29T13:00:37.007Z",
"dateUpdated": "2026-01-08T14:18:51.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8904 (GCVE-0-2025-8904)
Vulnerability from cvelistv5 – Published: 2025-08-13 17:06 – Updated: 2026-02-26 17:48
VLAI
Title
Privilege escalation issue in Amazon EMR Secret Agent component
Summary
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.
Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
Severity
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://docs.aws.amazon.com/emr/latest/ReleaseGui… | release-notespatch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/advisories/GHSA-hf8h-76fm-735v | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T03:55:56.600013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:39.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EMR",
"vendor": "Amazon",
"versions": [
{
"lessThan": "7.4",
"status": "affected",
"version": "6.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAmazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.\u003c/p\u003e"
}
],
"value": "Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. \n\n\n\nUsers are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T17:52:00.391Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-750-release.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-017/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/advisories/GHSA-hf8h-76fm-735v"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation issue in Amazon EMR Secret Agent component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-8904",
"datePublished": "2025-08-13T17:06:29.293Z",
"dateReserved": "2025-08-12T19:43:46.286Z",
"dateUpdated": "2026-02-26T17:48:39.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20128 (GCVE-0-2026-20128)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-04-21 03:55
VLAI
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity
7.5 (High)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.5.1.0.2 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.3.3.0.18 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.3.4.1.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.6.2.0.4 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.3.5.0.7 Affected: 20.6.3.0.2 Affected: 20.9.1EFT2 Affected: 20.3.6 Affected: 20.3.7 Affected: 20.4.2.3 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.3.3.2 Affected: 20.3.7.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.1.3.1 Affected: 20.6.5.1.4 Affected: 20.3.8 Affected: 20.12.501 Affected: 26.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20128",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T03:55:31.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-20T00:00:00.000Z",
"value": "CVE-2026-20128 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "26.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:33.415Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33585"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20128",
"datePublished": "2026-02-25T16:14:12.353Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-04-21T03:55:31.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22574 (GCVE-0-2026-22574)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Severity
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:22.098427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:08.130Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22574",
"datePublished": "2026-04-14T15:38:08.130Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:16.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22576 (GCVE-0-2026-22576)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Severity
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:29:52.411885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:05.576Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22576",
"datePublished": "2026-04-14T15:38:05.576Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Use strong, non-reversible encryption to protect stored passwords.
CAPEC-49: Password Brute Forcing
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.