CVE-2023-39440

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.

Related Vulnerabilities

CVE-2019-6670

MEDIUM
CVSS:4.4(Medium)

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the ...

CWE-3122019

CVE-2020-25678

MEDIUM
CVSS:4.4(Medium)

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible...

CWE-3122020

CVE-2021-22194

MEDIUM
CVSS:4.4(Medium)

In all versions of GitLab, marshalled session keys were being stored in Redis.

CWE-3122021

CVE-2021-25645

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cle...

CWE-3122021

CVE-2021-38911

MEDIUM
CVSS:4.4(Medium)

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.

CWE-3122021

CVE-2021-39009

MEDIUM
CVSS:4.4(Medium)

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

CWE-3122021