CVE-2023-39245

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-319
View all →

Vulnerability Description

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

Related Vulnerabilities

CVE-2016-5649

CRITICAL
CVSS:9.8(Critical)

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access...

CWE-3192016

CVE-2017-15999

CRITICAL
CVSS:9.8(Critical)

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an...

CWE-3192017

CVE-2018-11421

CRITICAL
CVSS:9.8(Critical)

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All infor...

CWE-3192018

CVE-2018-11422

CRITICAL
CVSS:9.8(Critical)

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All in...

CWE-3192018

CVE-2018-11749

CRITICAL
CVSS:9.8(Critical)

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4...

CWE-3192018

CVE-2018-1297

CRITICAL
CVSS:9.8(Critical)

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

CWE-3192018