CVE-2020-5426

HIGH Year: 2020
CVSS v3 Score
8.6
High
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-319
View all →

Vulnerability Description

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.

Related Vulnerabilities

CVE-2021-26564

HIGH
CVSS:8.7(High)

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP s...

CWE-3192021

CVE-2024-0056

HIGH
CVSS:8.7(High)

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

CWE-3192024

CVE-2024-26288

HIGH
CVSS:8.7(High)

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.

CWE-3192024

CVE-2018-11050

HIGH
CVSS:8.8(High)

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing P...

CWE-3192018

CVE-2018-5402

HIGH
CVSS:8.8(High)

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once ...

CWE-3192018

CVE-2018-8842

HIGH
CVSS:8.8(High)

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorize...

CWE-3192018