CVE-2017-8168

MEDIUM Year: 2017
CVSS v3 Score
4.3
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-311
View all →

Vulnerability Description

FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted.

Related Vulnerabilities

CVE-2019-4616

MEDIUM
CVSS:4.3(Medium)

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or...

CWE-3112019

CVE-2020-2239

MEDIUM
CVSS:4.3(Medium)

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to ...

CWE-3112020

CVE-2021-29883

MEDIUM
CVSS:4.3(Medium)

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cooki...

CWE-3112021

CVE-2021-40642

MEDIUM
CVSS:4.3(Medium)

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login...

CWE-3112021

CVE-2022-34307

MEDIUM
CVSS:4.3(Medium)

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li...

CWE-3112022

CVE-2023-32982

MEDIUM
CVSS:4.3(Medium)

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read per...

CWE-3112023