CVE-2022-40751

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601.

Related Vulnerabilities

CVE-2018-16984

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an...

CWE-5222018

CVE-2018-9279

MEDIUM
CVSS:4.9(Medium)

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be re...

CWE-5222018

CVE-2018-9280

MEDIUM
CVSS:4.9(Medium)

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwo...

CWE-5222018

CVE-2019-13349

MEDIUM
CVSS:4.9(Medium)

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.

CWE-5222019

CVE-2019-13421

MEDIUM
CVSS:4.9(Medium)

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

CWE-5222019

CVE-2019-19310

MEDIUM
CVSS:4.9(Medium)

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

CWE-5222019