Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-4695 1Ibm 1Api Connect Nov 21, 2024 Mar 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of con...Show more IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.Show less
CVE-2021-26565 1Synology 4Diskstation Manager Diskstation Manager Unified ControllerSkynas Firmware+1 more Jan 14, 2025 Feb 26, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP sessio...Show more Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.Show less
CVE-2021-26564 1Synology 4Diskstation Manager Diskstation Manager Unified ControllerSkynas Firmware+1 more Jan 14, 2025 Feb 26, 2021 N/A· v4 8.7 HIGH· v3 5.8 MEDIUM· v2 Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26560 1Synology 4Diskstation Manager Diskstation Manager Unified ControllerSkynas Firmware+1 more Jan 14, 2025 Feb 26, 2021 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-22703 1Schneider Electric 10Powerlogic Ion7400 Firmware Powerlogic Ion7650 FirmwarePowerlogic Ion8300 Firmware+7 more May 29, 2026 Feb 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that c...Show more A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.Show less
CVE-2021-22702 1Schneider Electric 12Powerlogic Ion7300 Firmware Powerlogic Ion7400 FirmwarePowerlogic Ion7650 Firmware+9 more May 29, 2026 Feb 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected ver...Show more A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.Show less
CVE-2020-25605 1Agora 1Video Software Development Kit Nov 21, 2024 Feb 17, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffi...Show more Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.Show less
CVE-2021-27209 1Tp Link 1Archer C5v Firmware Nov 21, 2024 Feb 13, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
CVE-2021-20409 1Ibm 1Security Verify Information Queue Nov 21, 2024 Feb 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this...Show more IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.Show less
CVE-2021-20335 1Mongodb 1Ops Manager Nov 21, 2024 Feb 11, 2021 N/A· v4 4.6 MEDIUM· v3 4.1 MEDIUM· v2 For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including...Show more For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted. Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.Show less
CVE-2020-8355 1Lenovo 1Xclarity Administrator Nov 21, 2024 Feb 10, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captur...Show more An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.Show less
CVE-2021-20623 1Panasonic 1Video Insight Vms Nov 21, 2024 Feb 5, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
CVE-2020-29662 1Linuxfoundation 1Harbor Nov 21, 2024 Feb 2, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
CVE-2020-29005 1Mediawiki 1Mediawiki Nov 21, 2024 Jan 29, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
CVE-2020-25169 1Reolink 7Rlc 410 Firmware Rlc 422 FirmwareRlc 423 Firmware+4 more Nov 21, 2024 Jan 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
CVE-2021-21270 1Octopus 1Octopusdsc Nov 21, 2024 Jan 22, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to...Show more OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.Show less
CVE-2020-4969 1Ibm 1Security Identity Governance And Intelligence Nov 21, 2024 Jan 21, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit th...Show more IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.Show less
CVE-2020-4597 1Ibm 1Security Guardium Insights Nov 21, 2024 Jan 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li...Show more IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.Show less
CVE-2020-4893 1Ibm 1Emptoris Strategic Supply Management Nov 21, 2024 Jan 7, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 1...Show more IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.Show less
CVE-2020-4899 1Ibm 1Api Connect Nov 21, 2024 Jan 5, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

Previous 1...282930...45 Next