CWE-319
879 CVEs • Abstraction: Base • Likelihood of Exploit: High
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVEs (879)
| CVE (description) | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | Jenkins | Aqua Security Severless Scanner | Nov 21, 2024 | Sep 12, 2019 | v4: N/A; v3: 3.1 LOW; v2: 2.6 LOW |
| OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | Netapp | Oncommand Workflow Automation | Nov 21, 2024 | Sep 10, 2019 | v4: N/A; v3: 5.3 MEDIUM; v2: 5.0 MEDIUM |
| The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network... | | | | | |
| Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | Jenkins | Ibm Application Security On Cloud | Nov 21, 2024 | Aug 28, 2019 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates ove... | Belwith Keeler | Hickory Smart Ethernet Bridge Firmware | Nov 21, 2024 | Aug 22, 2019 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via S... | Pivotal Software | Application Service | Nov 21, 2024 | Aug 19, 2019 | v4: N/A; v3: 5.4 MEDIUM; v2: 4.8 MEDIUM |
| The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which make... | | | | | |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. | Sap | Businessobjects Business Intelligence | Nov 21, 2024 | Aug 14, 2019 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM |
| Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems... | Sap | Businessobjects Business Intelligence | Nov 21, 2024 | Aug 14, 2019 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM |
| In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters... | Enigmail, Fedoraproject | Enigmail, Fedora | Nov 21, 2024 | Aug 5, 2019 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | Jenkins | Configuration As Code | Nov 21, 2024 | Jul 31, 2019 | v4: N/A; v3: 4.9 MEDIUM; v2: 4.0 MEDIUM |
| Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. | | | | | |
| One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | Oneidentity | Cloud Access Manager | Nov 21, 2024 | Jul 29, 2019 | v4: N/A; v3: 7.4 HIGH; v2: 5.8 MEDIUM |
| A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypte... | | | | | |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed... | | | | | |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | | | | | |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when... | F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +10 more (13 total) | Nov 21, 2024 | Jul 3, 2019 | v4: N/A; v3: 5.3 MEDIUM; v2: 5.0 MEDIUM |
| Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in... | Moxa | Oncell G3150 Hspa T Firmware, Oncell G3150 Hspa Firmware | Nov 21, 2024 | Jul 3, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH |
| Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in pl... | Moxa | Oncell G3150 Hspa T Firmware, Oncell G3150 Hspa Firmware | Nov 21, 2024 | Jul 3, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 5.0 MEDIUM |
| Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text... | | | | | |