Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27619 1Synology 1Note Station Nov 21, 2024 Aug 3, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecifi...Show more Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.Show less
CVE-2022-31204 1Omron 8Cp1w Cif41 Firmware Cx ProgrammerSysmac Cj2h Firmware+5 more Nov 21, 2024 Jul 26, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensiti...Show more Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.Show less
CVE-2022-28861 1Citilog 1Citilog Nov 21, 2024 Jul 21, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to th...Show more The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.Show less
CVE-2022-34804 1Jenkins 1Opsgenie Nov 21, 2024 Jun 30, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.
CVE-2022-34801 1Jenkins 1Build Notifications Nov 21, 2024 Jun 30, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2017-20109 1Calabrio 1Teleopti Workforce Management Nov 21, 2024 Jun 29, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administra...Show more A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.Show less
CVE-2022-29519 1Yokogawa 2Stardom Fcj Firmware Stardom Fcn Firmware Nov 21, 2024 Jun 28, 2022 N/A· v4 7.5 HIGH· v3 7.9 HIGH· v2 Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device confi...Show more Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.Show less
CVE-2022-21829 1Concretecms 1Concrete Cms Nov 21, 2024 Jun 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’....Show more Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.Show less
CVE-2022-1524 1Illumina 1Local Run Manager Nov 21, 2024 Jun 24, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
CVE-2022-21184 1Atvise 1Atvise Nov 21, 2024 Jun 17, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An atta...Show more An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.Show less
CVE-2022-31046 1Typo3 1Typo3 Nov 21, 2024 Jun 14, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particu...Show more TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.Show less
CVE-2022-25805 1Igel 1Universal Management Suite Nov 21, 2024 Jun 9, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect tra...Show more An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.Show less
CVE-2022-30115 3Haxx NetappSplunk 10Clustered Data Ontap CurlH300s Firmware+7 more Nov 21, 2024 Jun 2, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given U...Show more Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and not using thetrailing dot in the URL.Show less
CVE-2022-29733 1Deltacontrols 1Entelitouch Firmware Nov 21, 2024 Jun 2, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credenti...Show more Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.Show less
CVE-2021-28509 1Arista 2Eos Terminattr Nov 21, 2024 May 26, 2022 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain co...Show more This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.Show less
CVE-2021-28508 1Arista 2Eos Terminattr Nov 21, 2024 May 26, 2022 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain co...Show more This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.Show less
CVE-2022-26077 1Openautomationsoftware 1Oas Platform Nov 21, 2024 May 25, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack...Show more A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.Show less
CVE-2021-32966 1Philips 1Interoperability Solution Xds Nov 21, 2024 May 25, 2022 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain contro...Show more Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.Show less
CVE-2022-21951 1Suse 1Rancher Nov 21, 2024 May 25, 2022 N/A· v4 6.8 MEDIUM· v3 3.6 LOW· v2 A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when...Show more A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.Show less
CVE-2022-29874 1Siemens 367kg8500 0aa00 0aa0 Firmware 7kg8500 0aa00 2aa0 Firmware7kg8500 0aa10 0aa0 Firmware+33 more Dec 9, 2025 May 20, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to captur...Show more A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.Show less

Previous 1...222324...45 Next