CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-15624

CVSS 9.3v4.0pub. 2026-04-17upd. 2026-06-02

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red
  • Sparxsystems Pro Cloud Server

    APP
    Sparxsystems
    6.0.163
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-42097CRITICAL9.3PL βœ“ten sam produkt

Sparx Pro Cloud Server β€” SQL injection bez uwierzytelnienia przez pominiΔ™cie parametru

CVE-2025-15623CRITICAL9.3PL βœ“ten sam produkt

Sparx Pro Cloud Server: ujawnienie hasΕ‚a do bazy danych w plaintext

CVE-2025-15625CRITICAL9.5PL βœ“ten sam produkt

SQL Injection w Sparx Pro Cloud Server β€” nieautoryzowany dostΔ™p do bazy danych

CVE-2026-42096HIGH8.7ten sam produkt

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to l...

CVE-2026-42099HIGH7.7ten sam produkt

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. T...

CVE-2025-15624 β€” Sparxsystems β€” Pro Cloud Server β€” CRITICAL β€” CVSS 9.3 | CVEbaza.pl