Description
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
Extended Description
This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.
CVE vulnerabilities with CWE-260 (24)
9.9
CVSS
CRITICAL
CVE-2023-53739
pub. 2025-12-09
9.8
CVSS
CRITICAL
CVE-2025-57754
pub. 2025-08-21
9.8
CVSS
CRITICAL
CVE-2023-34128
pub. 2023-07-13
9.8
CVSS
CRITICAL
CVE-2017-7925
pub. 2017-05-06
9.6
CVSS
CRITICAL
CVE-2025-25022
pub. 2025-06-03
9.3
CVSS
CRITICAL
CVE-2025-6513
pub. 2025-06-23
8.8
CVSS
HIGH
CVE-2019-3780
pub. 2019-03-08
8.8
CVSS
HIGH
CVE-2017-7923
pub. 2017-05-06
8.7
CVSS
HIGH
CVE-2019-25465
pub. 2026-03-11
8.7
CVSS
HIGH
CVE-2023-53770
pub. 2025-12-09
8.7
CVSS
HIGH
CVE-2025-32111
pub. 2025-04-04
7.8
CVSS
HIGH
CVE-2021-35033
pub. 2021-11-23
7.5
CVSS
HIGH
CVE-2025-33093
pub. 2025-05-07
6.8
CVSS
MEDIUM
CVE-2014-5400
pub. 2015-04-03
6.5
CVSS
MEDIUM
CVE-2025-33119
pub. 2025-11-12
5.9
CVSS
MEDIUM
CVE-2016-7043
pub. 2019-05-15
5.5
CVSS
MEDIUM
CVE-2025-36002
pub. 2025-10-16
5.5
CVSS
MEDIUM
CVE-2024-45673
pub. 2025-02-21
5.5
CVSS
MEDIUM
CVE-2020-5721
pub. 2020-04-15
5.3
CVSS
MEDIUM
CVE-2025-51540
pub. 2025-08-19
Showing 20 of 24 vulnerabilities