CVE-2023-50894

Published: Mar 26, 2024Modified: Sep 19, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information.

Affected (1)

Products: Janitza: Gridvis

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Janitza Gridvis	Before 9.0.67

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://code-white.com

Source: cve@mitre.org

Not Applicable

https://code-white.com/public-vulnerability-list/

Source: cve@mitre.org

Third Party Advisory

https://code-white.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://code-white.com/public-vulnerability-list/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.