Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:RedSparxsystems Pro Cloud Server
APPSparxsystems6.0.163
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-42097CRITICAL9.3PL βten sam produkt
Sparx Pro Cloud Server β SQL injection bez uwierzytelnienia przez pominiΔcie parametru
CVE-2025-15623CRITICAL9.3PL βten sam produkt
Sparx Pro Cloud Server: ujawnienie hasΕa do bazy danych w plaintext
CVE-2025-15625CRITICAL9.5PL βten sam produkt
SQL Injection w Sparx Pro Cloud Server β nieautoryzowany dostΔp do bazy danych
CVE-2026-42096HIGH8.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to l...
CVE-2026-42099HIGH7.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. T...