CVE-2024-51993

LOW Year: 2024
CVSS v3 Score
3.4
Low
Weakness Type
CWE-312
View all ā†’

Vulnerability Description

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References NĀ°7631 - Password is stored in clear in the database.

Related Vulnerabilities

CVE-2023-46294

LOW
CVSS:3.4(Low)

An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root p...

CWE-3122023

CVE-2010-3282

LOW
CVSS:3.3(Low)

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw)...

CWE-3122010

CVE-2019-10433

LOW
CVSS:3.3(Low)

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file s...

CWE-3122019

CVE-2019-10450

LOW
CVSS:3.3(Low)

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019

CVE-2020-6980

LOW
CVSS:3.3(Low)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Tra...

CWE-3122020

CVE-2021-37468

LOW
CVSS:3.3(Low)

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.

CWE-3122021