CVE-2023-2809

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-312
View all →

Vulnerability Description

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

Related Vulnerabilities

CVE-2001-1481

CRITICAL
CVSS:9.8(Critical)

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

CWE-3122001

CVE-2008-0174

CRITICAL
CVSS:9.8(Critical)

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal t...

CWE-3122008

CVE-2014-5433

CRITICAL
CVSS:9.8(Critical)

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700B...

CWE-3122014

CVE-2018-18394

CRITICAL
CVSS:9.8(Critical)

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CWE-3122018

CVE-2018-18641

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

CWE-3122018

CVE-2019-0285

CRITICAL
CVSS:9.8(Critical)

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

CWE-3122019