How severe is CVE-2019-18615?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2019-18615?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2019-18615

MEDIUM Year: 2019

CVSS v3 Score

4.9

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-312

View all →

Vulnerability Description

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.

CVE-2020-11415

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in clea...

CWE-3122020

CVE-2021-20162

MEDIUM

CVSS:4.9(Medium)

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains t...

CWE-3122021

CVE-2021-22206

MEDIUM

CVSS:4.9(Medium)

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

CWE-3122021

CVE-2021-27233

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is ...

CWE-3122021

CVE-2021-33325

MEDIUM

CVSS:4.9(Medium)

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the...

CWE-3122021

CVE-2022-22366

MEDIUM

CVSS:4.9(Medium)

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

CWE-3122022

CVE-2019-18615

Vulnerability Description

Related Vulnerabilities

CVE-2020-11415

CVE-2021-20162

CVE-2021-22206

CVE-2021-27233

CVE-2021-33325

CVE-2022-22366