CVE-2025-3480

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.

Related Vulnerabilities

CVE-2017-8446

MEDIUM
CVSS:5.3(Medium)

The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role coul...

CWE-5222017

CVE-2018-21237

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

CWE-5222018

CVE-2018-21239

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

CWE-5222018

CVE-2019-10378

MEDIUM
CVSS:5.3(Medium)

Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-5222019

CVE-2019-4697

MEDIUM
CVSS:5.3(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.

CWE-5222019

CVE-2020-11821

MEDIUM
CVSS:5.3(Medium)

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

CWE-5222020