CVE-2024-13843

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

Related Vulnerabilities

CVE-2019-6670

MEDIUM
CVSS:4.4(Medium)

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the ...

CWE-3122019

CVE-2020-25678

MEDIUM
CVSS:4.4(Medium)

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible...

CWE-3122020

CVE-2021-22194

MEDIUM
CVSS:4.4(Medium)

In all versions of GitLab, marshalled session keys were being stored in Redis.

CWE-3122021

CVE-2021-25645

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cle...

CWE-3122021

CVE-2021-38911

MEDIUM
CVSS:4.4(Medium)

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.

CWE-3122021

CVE-2021-39009

MEDIUM
CVSS:4.4(Medium)

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

CWE-3122021