CVE-2020-8968

HIGH Year: 2020
CVSS v3 Score
7.1
High
CVSS v2 Score
2.1
Low
Weakness Type
CWE-255
View all →

Vulnerability Description

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

Related Vulnerabilities

CVE-2015-8109

HIGH
CVSS:7.0(High)

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowle...

CWE-2552015

CVE-2016-4996

HIGH
CVSS:7.0(High)

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local us...

CWE-2552016

CVE-2020-24680

HIGH
CVSS:7.0(High)

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

CWE-2552020

CVE-2015-6336

HIGH
CVSS:7.3(High)

Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vecto...

CWE-2552015

CVE-2016-0330

HIGH
CVSS:7.3(High)

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by ...

CWE-2552016

CVE-2016-2936

HIGH
CVSS:7.3(High)

IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.

CWE-2552016