Common Weakness Enumeration
CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
CVE-2022-20939 (GCVE-0-2022-20939)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:25 – Updated: 2024-11-15 15:35
VLAI
EPSS
VEX
Title
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.
This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Smart Software Manager On-Prem |
Affected:
7-202001
Affected: 1.1 Affected: 6.3.0 Affected: 8-202004 Affected: 5.1.0 (LD) Affected: 8-202006 Affected: 1.2 Affected: 1.3 Affected: 8-202012 Affected: 8-202010 Affected: 8-202008 Affected: 8-202102 Affected: 1.4 Affected: 8-202105 Affected: 8-202108 Affected: 8-202112 Affected: 8-202201 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:35:35.843732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:35:52.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Smart Software Manager On-Prem",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7-202001"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "8-202004"
},
{
"status": "affected",
"version": "5.1.0 (LD)"
},
{
"status": "affected",
"version": "8-202006"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "8-202012"
},
{
"status": "affected",
"version": "8-202010"
},
{
"status": "affected",
"version": "8-202008"
},
{
"status": "affected",
"version": "8-202102"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "8-202105"
},
{
"status": "affected",
"version": "8-202108"
},
{
"status": "affected",
"version": "8-202112"
},
{
"status": "affected",
"version": "8-202201"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure Storage of Sensitive Information",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:25:32.612Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cssm-priv-esc-SEjz69dv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
}
],
"source": {
"advisory": "cisco-sa-cssm-priv-esc-SEjz69dv",
"defects": [
"CSCwb98281"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20939",
"datePublished": "2024-11-15T15:25:32.612Z",
"dateReserved": "2021-11-02T13:28:29.193Z",
"dateUpdated": "2024-11-15T15:35:52.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2815 (GCVE-0-2022-2815)
Vulnerability from cvelistv5 – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:30
VLAI
EPSS
VEX
Title
Insecure Storage of Sensitive Information in publify/publify
Summary
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
Severity
4.6 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| publify | publify/publify |
Affected:
unspecified , < 9.2.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:30:32.157356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:30:42.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "publify/publify",
"vendor": "publify",
"versions": [
{
"lessThan": "9.2.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-14T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
},
{
"url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
}
],
"source": {
"advisory": "22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in publify/publify"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2815",
"datePublished": "2023-01-14T00:00:00.000Z",
"dateReserved": "2022-08-14T00:00:00.000Z",
"dateUpdated": "2025-04-07T18:30:42.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1257 (GCVE-0-2022-1257)
Vulnerability from cvelistv5 – Published: 2022-04-14 13:50 – Updated: 2024-08-02 23:55
VLAI
EPSS
VEX
Title
Improper Verification of Cryptographic Signature by McAfee Agent
Summary
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
Severity
6.1 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee,LLC | McAfee Agent |
Affected:
unspecified , < 5.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Agent",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "5.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T13:50:18.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Verification of Cryptographic Signature by McAfee Agent",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2022-1257",
"STATE": "PUBLIC",
"TITLE": "Improper Verification of Cryptographic Signature by McAfee Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.7.6"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2022-1257",
"datePublished": "2022-04-14T13:50:18.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1044 (GCVE-0-2022-1044)
Vulnerability from cvelistv5 – Published: 2022-05-12 08:10 – Updated: 2024-08-02 23:47
VLAI
EPSS
VEX
Title
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk
Summary
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
Severity
8.2 (High)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/ff878be9-563a-4d0e-99c… | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/097b482… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| polonel | polonel/trudesk |
Affected:
unspecified , < v1.2.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "v1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T08:10:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
],
"source": {
"advisory": "ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1044",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.2.1"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"name": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
]
},
"source": {
"advisory": "ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1044",
"datePublished": "2022-05-12T08:10:10.000Z",
"dateReserved": "2022-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1021 (GCVE-0-2022-1021)
Vulnerability from cvelistv5 – Published: 2022-08-19 12:40 – Updated: 2024-08-02 23:47
VLAI
EPSS
VEX
Title
Insecure Storage of Sensitive Information in chatwoot/chatwoot
Summary
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
Severity
7.6 (High)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a8187478-75e1-4d62-b89… | x_refsource_CONFIRM |
| https://github.com/chatwoot/chatwoot/commit/24b20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| chatwoot | chatwoot/chatwoot |
Affected:
unspecified , < 2.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "chatwoot/chatwoot",
"vendor": "chatwoot",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T12:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
],
"source": {
"advisory": "a8187478-75e1-4d62-b894-651269401ca3",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in chatwoot/chatwoot",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1021",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in chatwoot/chatwoot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "chatwoot/chatwoot",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.6.0"
}
]
}
}
]
},
"vendor_name": "chatwoot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"name": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889",
"refsource": "MISC",
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
]
},
"source": {
"advisory": "a8187478-75e1-4d62-b894-651269401ca3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1021",
"datePublished": "2022-08-19T12:40:10.000Z",
"dateReserved": "2022-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0881 (GCVE-0-2022-0881)
Vulnerability from cvelistv5 – Published: 2022-03-09 08:35 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Insecure Storage of Sensitive Information in chocobozzz/peertube
Summary
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
Severity
7.6 (High)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2628431e-6a98-4063-a0e… | x_refsource_CONFIRM |
| https://github.com/chocobozzz/peertube/commit/0c0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| chocobozzz | chocobozzz/peertube |
Affected:
unspecified , < 4.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "chocobozzz/peertube",
"vendor": "chocobozzz",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T08:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
],
"source": {
"advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in chocobozzz/peertube",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0881",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in chocobozzz/peertube"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "chocobozzz/peertube",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.1"
}
]
}
}
]
},
"vendor_name": "chocobozzz"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"name": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8",
"refsource": "MISC",
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
]
},
"source": {
"advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0881",
"datePublished": "2022-03-09T08:35:10.000Z",
"dateReserved": "2022-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0724 (GCVE-0-2022-0724)
Vulnerability from cvelistv5 – Published: 2022-02-23 10:45 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Insecure Storage of Sensitive Information in microweber/microweber
Summary
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
Severity
9.1 (Critical)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0cdc4a29-dada-4264-b32… | x_refsource_CONFIRM |
| https://github.com/microweber/microweber/commit/b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| microweber | microweber/microweber |
Affected:
unspecified , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "microweber/microweber",
"vendor": "microweber",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T10:45:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
],
"source": {
"advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in microweber/microweber",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0724",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"name": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
]
},
"source": {
"advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0724",
"datePublished": "2022-02-23T10:45:11.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28815 (GCVE-0-2021-28815)
Vulnerability from cvelistv5 – Published: 2021-06-16 04:00 – Updated: 2024-09-17 01:16
VLAI
EPSS
VEX
Title
Insecure Storage of Sensitive Information in myQNAPcloud Link
Summary
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
Severity
6 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-21-26 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | myQNAPcloud Link |
Affected:
unspecified , < 2.2.21
(custom)
|
Date Public
2021-06-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.3"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h4.5.2"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.4"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "CJ Fairhead"
}
],
"datePublic": "2021-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T04:00:11.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
}
],
"source": {
"advisory": "QSA-21-26",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in myQNAPcloud Link",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-16T00:32:00.000Z",
"ID": "CVE-2021-28815",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in myQNAPcloud Link"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myQNAPcloud Link",
"version": {
"version_data": [
{
"platform": "QTS 4.5.3",
"version_affected": "\u003c",
"version_value": "2.2.21"
},
{
"platform": "QuTS hero h4.5.2",
"version_affected": "\u003c",
"version_value": "2.2.21"
},
{
"platform": "QuTScloud c4.5.4",
"version_affected": "\u003c",
"version_value": "2.2.21"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "CJ Fairhead"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
}
],
"source": {
"advisory": "QSA-21-26",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28815",
"datePublished": "2021-06-16T04:00:11.639Z",
"dateReserved": "2021-03-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:56.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25524 (GCVE-0-2021-25524)
Vulnerability from cvelistv5 – Published: 2021-12-08 14:20 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
Severity
4 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Contacts |
Affected:
- , < 12.7.05.24 in Android R(11.0)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contacts",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.7.05.24 in Android R(11.0)",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T14:20:42.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contacts",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "12.7.05.24 in Android R(11.0)"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25524",
"datePublished": "2021-12-08T14:20:42.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25523 (GCVE-0-2021-25523)
Vulnerability from cvelistv5 – Published: 2021-12-08 14:20 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
Severity
4 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | SamsungDialer |
Affected:
- , < 12.7.05.24 in Android R(11.0)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SamsungDialer",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.7.05.24 in Android R(11.0)",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T14:20:32.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SamsungDialer",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "12.7.05.24 in Android R(11.0)"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25523",
"datePublished": "2021-12-08T14:20:32.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.