CVE-2021-29043

MEDIUM Year: 2021
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.

Related Vulnerabilities

CVE-2017-16718

MEDIUM
CVSS:5.9(Medium)

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via AD...

CWE-5222017

CVE-2019-4138

MEDIUM
CVSS:5.9(Medium)

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An...

CWE-5222019

CVE-2019-4385

MEDIUM
CVSS:5.9(Medium)

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. I...

CWE-5222019

CVE-2020-23036

MEDIUM
CVSS:5.9(Medium)

MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. ...

CWE-5222020

CVE-2021-23222

MEDIUM
CVSS:5.9(Medium)

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

CWE-5222021

CVE-2021-34075

MEDIUM
CVSS:5.9(Medium)

In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.

CWE-5222021