CVE-2019-3782

MEDIUM Year: 2019
CVSS v3 Score
6.3
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-522
View all →

Vulnerability Description

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

Related Vulnerabilities

CVE-2019-10225

MEDIUM
CVSS:6.3(Medium)

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the rest...

CWE-5222019

CVE-2019-10706

MEDIUM
CVSS:6.3(Medium)

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a p...

CWE-5222019

CVE-2020-4568

MEDIUM
CVSS:6.3(Medium)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.

CWE-5222020

CVE-2024-33496

MEDIUM
CVSS:6.3(Medium)

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Lo...

CWE-5222024

CVE-2024-33497

MEDIUM
CVSS:6.3(Medium)

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Lo...

CWE-5222024

CVE-2024-37362

MEDIUM
CVSS:6.3(Medium)

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Int...

CWE-5222024