Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:RedSparxsystems Pro Cloud Server
APPSparxsystems6.0.163
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-42097CRITICAL9.3PL ✓ten sam produkt
Sparx Pro Cloud Server — SQL injection bez uwierzytelnienia przez pominięcie parametru
CVE-2025-15624CRITICAL9.3PL ✓ten sam produkt
Plaintext Storage haseł w Sparx Pro Cloud Server z OpenID
CVE-2025-15625CRITICAL9.5PL ✓ten sam produkt
SQL Injection w Sparx Pro Cloud Server — nieautoryzowany dostęp do bazy danych
CVE-2026-42096HIGH8.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to l...
CVE-2026-42099HIGH7.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. T...