CVE-2023-49238

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-521
View all →

Vulnerability Description

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

Related Vulnerabilities

CVE-2017-1196

CRITICAL
CVSS:9.8(Critical)

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: ...

CWE-5212017

CVE-2017-1221

CRITICAL
CVSS:9.8(Critical)

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force I...

CWE-5212017

CVE-2017-12861

CRITICAL
CVSS:9.8(Critical)

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only th...

CWE-5212017

CVE-2017-14189

CRITICAL
CVSS:9.8(Critical)

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.

CWE-5212017

CVE-2017-1601

CRITICAL
CVSS:9.8(Critical)

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compro...

CWE-5212017

CVE-2017-18857

CRITICAL
CVSS:9.8(Critical)

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

CWE-5212017