CVE-2021-33325

MEDIUM Year: 2021
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.

Related Vulnerabilities

CVE-2019-18615

MEDIUM
CVSS:4.9(Medium)

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user passwor...

CWE-3122019

CVE-2020-11415

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in clea...

CWE-3122020

CVE-2021-20162

MEDIUM
CVSS:4.9(Medium)

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains t...

CWE-3122021

CVE-2021-22206

MEDIUM
CVSS:4.9(Medium)

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

CWE-3122021

CVE-2021-27233

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is ...

CWE-3122021

CVE-2022-22366

MEDIUM
CVSS:4.9(Medium)

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

CWE-3122022