Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (882)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-4161 1Broadcom 1Brocade Sannav Feb 6, 2025 Apr 25, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.
CVE-2023-4509 1Octopus 1Octopus Server Jul 2, 2025 Apr 18, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
CVE-2024-31206 - - Nov 21, 2024 Apr 4, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily interc...Show more dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it.Show less
CVE-2024-28275 - - Nov 21, 2024 Apr 3, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users'...Show more Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests.Show less
CVE-2024-25960 1Dell 1Powerscale Onefs Feb 20, 2026 Mar 28, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to es...Show more Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.Show less
CVE-2024-25735 1Wyrestorm 1Apollo Vx20 Firmware Nov 4, 2025 Mar 27, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
CVE-2024-28250 1Cilium 1Cilium Jan 9, 2025 Mar 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matchin...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue.Show less
CVE-2024-28249 1Cilium 1Cilium Jan 9, 2025 Mar 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.Show less
CVE-2024-0860 1Softing 2Edgeaggregator Edgeconnector Jan 23, 2025 Mar 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
CVE-2024-25650 1Delinea 2Distributed Engine Secret Server Oct 10, 2025 Mar 14, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-au...Show more Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.Show less
CVE-2024-26288 1Phoenixcontact 4Charx Sec 3000 Firmware Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more Jan 23, 2025 Mar 12, 2024 N/A· v4 8.7 HIGH· v3 N/A· v2 An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.
CVE-2023-27291 1Ibm 1Watson Cp4d Data Stores Dec 23, 2024 Mar 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID:...Show more IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.Show less
CVE-2023-47745 1Ibm 1Mq Operator Dec 23, 2024 Mar 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read...Show more IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.Show less
CVE-2021-39090 1Ibm 1Cloud Pak For Security Dec 31, 2024 Feb 29, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploi...Show more IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.Show less
CVE-2024-0220 1Br Automation 2Automation Studio Technology Guarding May 6, 2025 Feb 22, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to exec...Show more B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.Show less
CVE-2024-25631 1Cilium 1Cilium Dec 18, 2024 Feb 20, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.Show less
CVE-2024-25630 1Cilium 1Cilium Dec 18, 2024 Feb 20, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traff...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.Show less
CVE-2023-39245 1Dell 1Enterprise Storage Integrator For Sap Landscape Management Jan 23, 2025 Feb 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by...Show more DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. Show less
CVE-2024-21406 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Printing Service Spoofing Vulnerability
CVE-2023-45716 1Hcltech 1Sametime Jun 3, 2025 Feb 9, 2024 N/A· v4 4.1 MEDIUM· v3 N/A· v2 Sametime is impacted by sensitive information passed in URL.

Previous 1...131415...45 Next