Total
1380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5248 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 5.0 MEDIUM | 7.2 HIGH |
| GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work. | |||||
| CVE-2020-5222 | 1 Apereo | 1 Opencast | 2024-11-21 | 6.5 MEDIUM | 6.8 MEDIUM |
| Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | |||||
| CVE-2020-4932 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748. | |||||
| CVE-2020-4854 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. | |||||
| CVE-2020-4690 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. | |||||
| CVE-2020-4622 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983. | |||||
| CVE-2020-4459 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | |||||
| CVE-2020-4429 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. | |||||
| CVE-2020-4385 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||||
| CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206. | |||||
| CVE-2020-4269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845. | |||||
| CVE-2020-4216 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | |||||
| CVE-2020-4208 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. | |||||
| CVE-2020-4190 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | |||||
| CVE-2020-4177 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | |||||
| CVE-2020-4157 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | |||||
| CVE-2020-4150 | 1 Ibm | 1 Security Siteprotector System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142. | |||||
| CVE-2020-4001 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. | |||||
| CVE-2020-3928 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2024-11-21 | 10.0 HIGH | 6.2 MEDIUM |
| GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. | |||||
| CVE-2020-3446 | 1 Cisco | 10 Csp 5228-w, Csp 5228-w Firmware, Csp 5436-w and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. | |||||