CVE-2013-3734

MEDIUM Year: 2013
CVSS v3 Score
6.6
Medium
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-255
View all →

Vulnerability Description

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console

Related Vulnerabilities

CVE-2015-4684

MEDIUM
CVSS:6.5(Medium)

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modif...

CWE-2552015

CVE-2016-10821

MEDIUM
CVSS:6.5(Medium)

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

CWE-2552016

CVE-2016-5950

MEDIUM
CVSS:6.5(Medium)

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

CWE-2552016

CVE-2016-6110

MEDIUM
CVSS:6.5(Medium)

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

CWE-2552016

CVE-2016-6815

MEDIUM
CVSS:6.5(Medium)

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

CWE-2552016

CVE-2016-9204

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1...

CWE-2552016