Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-2210 1Jenkins 1Stash Branch Parameter Nov 21, 2024 Jul 2, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-5899 1F5 1Nginx Controller Nov 21, 2024 Jul 1, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read...Show more In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.Show less
CVE-2020-12048 1Baxter 1Phoenix X36 Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between...Show more Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.Show less
CVE-2020-12040 1Baxter 1Sigma Spectrum Infusion System Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and re...Show more Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.Show less
CVE-2020-12037 1Baxter 2Prismaflex Firmware Prismax Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Managemen...Show more Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.Show less
CVE-2020-12036 1Baxter 2Prismaflex Firmware Prismax Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Managemen...Show more Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.Show less
CVE-2020-12008 1Baxter 2Em1200 Firmware Em2400 Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network ac...Show more Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.Show less
CVE-2019-18248 1Biotronik 2Cardiomessenger Ii S Gsm Firmware Cardiomessenger Ii S T Line Firmware Nov 21, 2024 Jun 29, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to...Show more BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.Show less
CVE-2020-10628 1Honeywell 2Controledge Plc Firmware Controledge Rtu Firmware Nov 21, 2024 Jun 26, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.
CVE-2020-10624 1Honeywell 2Controledge Plc Firmware Controledge Rtu Firmware Nov 21, 2024 Jun 26, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
CVE-2020-5594 1Mitsubishielectric 5Melsec Fx Firmware Melsec L FirmwareMelsec Q Firmware+2 more Nov 21, 2024 Jun 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 v...Show more Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.Show less
CVE-2020-14930 1Bt Ctroms Terminal Project 1Bt Ctroms Terminal Nov 21, 2024 Jun 19, 2020 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is t...Show more An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.Show less
CVE-2020-14157 1Abus 1Secvest Wireless Control Fube50001 Firmware Nov 21, 2024 Jun 17, 2020 N/A· v4 8.1 HIGH· v3 4.8 MEDIUM· v2 The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm t...Show more The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.Show less
CVE-2020-14093 4Canonical DebianMutt+1 more 4Debian Linux LeapMutt+1 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-2020-11614 1Mids' Reborn Hero Designer Project 1Mids' Reborn Hero Designer Nov 21, 2024 Jun 11, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attack...Show more Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.Show less
CVE-2020-1343 1Microsoft 1Visual Studio Live Share Nov 21, 2024 Jun 9, 2020 N/A· v4 5.9 MEDIUM· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.
CVE-2020-13787 1Dlink 1Dir 865l Firmware Nov 21, 2024 Jun 3, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
CVE-2020-2013 1Paloaltonetworks 1Pan Os Nov 21, 2024 May 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context s...Show more A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0;Show less
CVE-2019-4667 1Ibm 1Urbancode Deploy Nov 21, 2024 May 11, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to o...Show more IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.Show less
CVE-2020-4092 1Hcltech 1Hcl Nomad Nov 21, 2024 May 6, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 "If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encry...Show more "If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content."Show less

Previous 1...313233...45 Next