CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2022-45480 (GCVE-0-2022-45480)
Vulnerability from cvelistv5 – Published: 2022-12-02 00:00 – Updated: 2025-04-24 20:16 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Telepad | PC Keyboard WiFi & Bluetooth | Affected: <= 30 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:15:43.986135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:16:07.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PC Keyboard WiFi \u0026 Bluetooth",
"vendor": "Telepad",
"versions": [
{
"status": "affected",
"version": "\u003c= 30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PC Keyboard WiFi \u0026 Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00.000Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2022-45480",
"datePublished": "2022-12-02T00:00:00.000Z",
"dateReserved": "2022-11-18T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:16:07.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45483 (GCVE-0-2022-45483)
Vulnerability from cvelistv5 – Published: 2022-12-02 00:00 – Updated: 2025-04-24 13:55 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| thisAAY | Lazy Mouse | Affected: <= 2.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:55:04.423314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T13:55:38.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lazy Mouse",
"vendor": "thisAAY",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00.000Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2022-45483",
"datePublished": "2022-12-02T00:00:00.000Z",
"dateReserved": "2022-11-18T00:00:00.000Z",
"dateUpdated": "2025-04-24T13:55:38.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46680 (GCVE-0-2022-46680)
Vulnerability from cvelistv5 – Published: 2023-05-22 13:25 – Updated: 2025-01-21 15:05 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | PowerLogic ION9000 | Affected: Prior to 4.0.0 |
| Schneider Electric | PowerLogic ION7400 | Affected: Prior to 4.0.0 |
| Schneider Electric | PowerLogic PM8000 | Affected: Prior to 4.0.0 |
| Schneider Electric | PowerLogic ION8650 | Affected: All Versions |
| Schneider Electric | PowerLogic ION8800 | Affected: All Versions |
| Schneider Electric | Legacy ION products | Affected: All Versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T15:05:13.390998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:05:49.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerLogic ION9000",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Prior to 4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerLogic ION7400",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Prior to 4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": " PowerLogic PM8000",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Prior to 4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerLogic ION8650",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerLogic ION8800",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legacy ION products",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-05-09T13:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"
}
],
"value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T13:25:40.615Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-46680",
"datePublished": "2023-05-22T13:25:40.615Z",
"dateReserved": "2022-12-06T21:51:38.755Z",
"dateUpdated": "2025-01-21T15:05:49.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47560 (GCVE-0-2022-47560)
Vulnerability from cvelistv5 – Published: 2023-09-20 07:52 – Updated: 2025-06-18 14:27 – Unsupported When Assigned – CWE-319 - Cleartext Transmission of Sensitive Information
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:08.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T02:48:34.736457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:27:40.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ekorCCP",
"vendor": "Ormazabal",
"versions": [
{
"status": "affected",
"version": "601j"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ekorRCI",
"vendor": "Ormazabal",
"versions": [
{
"status": "affected",
"version": "601j"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jacinto Moral Matell\u00e1n"
}
],
"datePublic": "2023-08-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in."
}
],
"value": "The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T07:52:33.173Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ormazabal recommends upgrading to updated models."
}
],
"value": "Ormazabal recommends upgrading to updated models."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Cleartext Transmission of Sensitive Information in Ormazabal products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47560",
"datePublished": "2023-09-20T07:52:33.173Z",
"dateReserved": "2022-12-19T16:35:50.462Z",
"dateUpdated": "2025-06-18T14:27:40.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0001 (GCVE-0-2023-0001)
Vulnerability from cvelistv5 – Published: 2023-02-08 17:20 – Updated: 2024-08-02 04:54 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All; Unaffected: 7.8 All; Affected: 7.5, < 7.5.101-CE (custom); Unaffected: 5.0 All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.9 All"
},
{
"status": "unaffected",
"version": "7.8 All"
},
{
"changes": [
{
"at": "7.5.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.0 All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T18:25:00.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\u003cbr\u003e\u003cbr\u003eAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"source": {
"defect": [
"CPATR-13152"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Cleartext Exposure of Agent Admin Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0001",
"datePublished": "2023-02-08T17:20:20.774Z",
"dateReserved": "2022-10-27T18:47:48.958Z",
"dateUpdated": "2024-08-02T04:54:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0053 (GCVE-0-2023-0053)
Vulnerability from cvelistv5 – Published: 2023-03-02 00:15 – Updated: 2025-01-16 21:55 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | Affected: Firmware all versions, ≤ 3.3-006 (custom); Affected: BACnetstac all versions, ≤ 4.2.1 (custom) |
| SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | Affected: Firmware all versions, ≤ 3.3-006 (custom); Affected: BACnetstac all versions, ≤ 4.2.1 (custom) |
| SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | Affected: Firmware all versions, ≤ 3.3-006 (custom); Affected: BACnetstac all versions, ≤ 4.2.1 (custom) |
| SAUTER Controls | moduNet300 (EY-AM300F001, EY-AM300F002) | Affected: Firmware all versions, ≤ 3.3-006 (custom); Affected: BACnetstac all versions, ≤ 4.2.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:56:33.933472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:31.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nova 220 (EYK220F001) DDC with BACnet connection",
"vendor": "SAUTER Controls",
"versions": [
{
"lessThanOrEqual": "3.3-006",
"status": "affected",
"version": "Firmware all versions",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "BACnetstac all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Nova 230 (EYK230F001) DDC with BACnet connection",
"vendor": "SAUTER Controls",
"versions": [
{
"lessThanOrEqual": "3.3-006",
"status": "affected",
"version": "Firmware all versions",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "BACnetstac all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Nova 106 (EYK300F001) BACnet communication card",
"vendor": "SAUTER Controls",
"versions": [
{
"lessThanOrEqual": "3.3-006",
"status": "affected",
"version": "Firmware all versions",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "BACnetstac all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "moduNet300 (EY-AM300F001, EY-AM300F002)",
"vendor": "SAUTER Controls",
"versions": [
{
"lessThanOrEqual": "3.3-006",
"status": "affected",
"version": "Firmware all versions",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "BACnetstac all versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jairo Alonso Ortiz, Aar\u00f3n Flecha Men\u00e9ndez and I\u00f1aki L\u00e1zaro Ayanz of S21Sec"
}
],
"datePublic": "2023-01-12T18:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nSAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\u003c/p\u003e"
}
],
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T23:18:13.533Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SAUTER Controls Nova 200\u2013220 Series Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eSAUTER Controls has stated that this product line is no longer \nsupported, as it was discontinued in 2016. SAUTER Controls recommends \nusers take all necessary measures to protect the integrity of building \nautomation network access, using all appropriate means and policies to \nminimize risks. Sauter Controls recommends users evaluate and upgrade \nlegacy systems to current solutions where necessary. \u0026nbsp;\u003c/p\u003e\n\u003cp\u003eAffected users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sauter-controls.com/\"\u003eSAUTER Controls\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003efor instructions on upgrading legacy systems.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "SAUTER Controls has stated that this product line is no longer \nsupported, as it was discontinued in 2016. SAUTER Controls recommends \nusers take all necessary measures to protect the integrity of building \nautomation network access, using all appropriate means and policies to \nminimize risks. Sauter Controls recommends users evaluate and upgrade \nlegacy systems to current solutions where necessary. \u00a0\n\n\nAffected users should contact SAUTER Controls https://www.sauter-controls.com/ \u00a0for instructions on upgrading legacy systems.\n\n"
}
],
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0052"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0053",
"datePublished": "2023-03-02T00:15:49.817Z",
"dateReserved": "2023-01-04T16:24:06.705Z",
"dateUpdated": "2025-01-16T21:55:31.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0864 (GCVE-0-2023-0864)
Vulnerability from cvelistv5 – Published: 2023-05-17 07:15 – Updated: 2025-01-22 16:50 – CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version |
|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) | Affected: 1.0;0, ≤ 1.5.5 (custom) |
| ABB | Terra AC wallbox (UL32A) | Affected: 1.0;0, ≤ 1.6.5 (custom) |
| ABB | Terra AC wallbox (CE) (Terra AC MID) | Affected: 1.0;0, ≤ 1.6.5 (custom) |
| ABB | Terra AC wallbox (CE) Terra AC Juno CE | Affected: 1.0;0, ≤ 1.6.5 (custom) |
| ABB | Terra AC wallbox (CE) Terra AC PTB | Affected: 1.0;0, ≤ 1.5.25 (custom) |
| ABB | Terra AC wallbox (CE) Symbiosis | Affected: 1.0;0, ≤ 1.2.7 (custom) |
| ABB | Terra AC wallbox (JP) | Affected: 1.0;0, ≤ 1.6.5 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:49:48.531006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:21.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"datePublic": "2023-05-16T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:15:52.371Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0864",
"datePublished": "2023-05-17T07:15:52.371Z",
"dateReserved": "2023-02-16T13:04:48.837Z",
"dateUpdated": "2025-01-22T16:50:21.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0922 (GCVE-0-2023-0922)
Vulnerability from cvelistv5 – Published: 2023-04-03 00:00 – Updated: 2025-02-13 14:54
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2023-0922.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230406-0007/"
},
{
"name": "FEDORA-2023-1c172e3264",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:54:28.276174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:54:44.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "samba 4.18.1, samba 4.17.7, samba 4.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T08:06:29.031Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.samba.org/samba/security/CVE-2023-0922.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230406-0007/"
},
{
"name": "FEDORA-2023-1c172e3264",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0922",
"datePublished": "2023-04-03T00:00:00.000Z",
"dateReserved": "2023-02-20T00:00:00.000Z",
"dateUpdated": "2025-02-13T14:54:44.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1656 (GCVE-0-2023-1656)
Vulnerability from cvelistv5 – Published: 2023-03-29 19:55 – Updated: 2025-04-14 17:04 - CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://backstage.forgerock.com/knowledge/kb/arti… | vendor-advisory |
| https://backstage.forgerock.com/downloads/browse/… | product |
| Vendor | Product | Version |
|---|---|---|
| ForgeRock Inc. | OpenIDM and Java Remote Connector Server (RCS) | Affected: 1.5.20.9, ≤ 1.5.20.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:03:32.619480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:03:41.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "LDAP Connector",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "OpenIDM and Java Remote Connector Server (RCS)",
"vendor": "ForgeRock Inc.",
"versions": [
{
"lessThanOrEqual": "1.5.20.13",
"status": "affected",
"version": "1.5.20.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.\u003cp\u003eThis issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:02.162Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"source": {
"advisory": "202303",
"discovery": "EXTERNAL"
},
"title": "When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-1656",
"datePublished": "2023-03-29T19:55:13.974Z",
"dateReserved": "2023-03-27T14:07:18.820Z",
"dateUpdated": "2025-04-14T17:04:02.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1802 (GCVE-0-2023-1802)
Vulnerability from cvelistv5 – Published: 2023-04-06 08:52 – Updated: 2025-02-10 20:22 - CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://docs.docker.com/desktop/release-notes/#4180 | release-notes |
| https://github.com/docker/for-win/issues/13344 | issue-tracking |
| Vendor | Product | Version |
|---|---|---|
| Docker | Docker Desktop | Affected: 4.17.0, < 4.18.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4180"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/docker/for-win/issues/13344"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:22:34.966354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:22:38.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Artifactory Integration"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.17.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u0026nbsp;"
}
],
"value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0"
}
],
"datePublic": "2023-04-05T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158 Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T08:52:19.506Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4180"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/docker/for-win/issues/13344"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " Update Docker Desktop to version 4.18.0\u003cbr\u003e"
}
],
"value": " Update Docker Desktop to version 4.18.0\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable the Access Experimental Features option from the setting panel\u0026nbsp;"
}
],
"value": "Disable the Access Experimental Features option from the setting panel\u00a0"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-1802",
"datePublished": "2023-04-06T08:52:19.506Z",
"dateReserved": "2023-04-03T10:20:15.739Z",
"dateUpdated": "2025-02-10T20:22:38.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
Phase: Implementation
Description:
- When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
Phase: Implementation
Description:
- When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Phase: Operation
Description:
- Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken solely to gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themselves so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from an Adversary-in-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.