CVE-2022-26390

MEDIUM Year: 2022
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

Related Vulnerabilities

CVE-2017-8168

MEDIUM
CVSS:4.3(Medium)

FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmissio...

CWE-3112017

CVE-2019-4616

MEDIUM
CVSS:4.3(Medium)

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or...

CWE-3112019

CVE-2020-2239

MEDIUM
CVSS:4.3(Medium)

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to ...

CWE-3112020

CVE-2021-29883

MEDIUM
CVSS:4.3(Medium)

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cooki...

CWE-3112021

CVE-2021-40642

MEDIUM
CVSS:4.3(Medium)

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login...

CWE-3112021

CVE-2022-34307

MEDIUM
CVSS:4.3(Medium)

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li...

CWE-3112022