CVE-2024-37135

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-256
View all →

Vulnerability Description

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Related Vulnerabilities

CVE-2023-50956

MEDIUM
CVSS:4.4(Medium)

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

CWE-2562023

CVE-2024-25052

MEDIUM
CVSS:4.4(Medium)

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

CWE-2562024

CVE-2025-21102

MEDIUM
CVSS:4.4(Medium)

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, le...

CWE-2562025

CVE-2025-21111

MEDIUM
CVSS:4.4(Medium)

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, le...

CWE-2562025

CVE-2023-2632

MEDIUM
CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permissi...

CWE-2562023

CVE-2023-2633

MEDIUM
CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CWE-2562023