CVE-2024-40620

MEDIUM Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-311
View all →

Vulnerability Description

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.

Related Vulnerabilities

CVE-2007-4961

HIGH
CVSS:7.5(High)

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd fie...

CWE-3112007

CVE-2016-10598

HIGH
CVSS:7.5(High)

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code ...

CWE-3112016

CVE-2016-10608

HIGH
CVSS:7.5(High)

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execut...

CWE-3112016

CVE-2017-12817

HIGH
CVSS:7.5(High)

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

CWE-3112017

CVE-2017-15581

HIGH
CVSS:7.5(High)

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a ...

CWE-3112017

CVE-2017-15609

HIGH
CVSS:7.5(High)

Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.

CWE-3112017