CWE-1188
AllowedInitialization of a Resource with an Insecure Default
Abstraction: Base · Status: Incomplete
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
402 vulnerabilities reference this CWE, most recent first.
GHSA-W3WG-762H-Q86R
Vulnerability from github – Published: 2022-05-24 22:29 – Updated: 2022-10-27 19:00The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
{
"affected": [],
"aliases": [
"CVE-2021-35965"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-19T12:15:00Z",
"severity": "CRITICAL"
},
"details": "The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator\u2019s privilege without logging in.",
"id": "GHSA-w3wg-762h-q86r",
"modified": "2022-10-27T19:00:41Z",
"published": "2022-05-24T22:29:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35965"
},
{
"type": "WEB",
"url": "https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W48Q-CV73-MX4W
Vulnerability from github – Published: 2025-12-02 16:51 – Updated: 2025-12-02 21:43The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled enableDnsRebindingProtection, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.
Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.
Servers created via createMcpExpressApp() now have this protection enabled by default when binding to localhost. Users with custom Express configurations are advised to update to version 1.24.0 and apply the exported hostHeaderValidation() middleware when running an unauthenticated server on localhost.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@modelcontextprotocol/sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66414"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-350"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T16:51:57Z",
"nvd_published_at": "2025-12-02T19:15:52Z",
"severity": "HIGH"
},
"details": "The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with `StreamableHTTPServerTransport` or `SSEServerTransport` and has not enabled `enableDnsRebindingProtection`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.\n\nNote that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.\n\nServers created via `createMcpExpressApp()` now have this protection enabled by default when binding to localhost. Users with custom Express configurations are advised to update to version `1.24.0` and apply the exported `hostHeaderValidation()` middleware when running an unauthenticated server on localhost.",
"id": "GHSA-w48q-cv73-mx4w",
"modified": "2025-12-02T21:43:49Z",
"published": "2025-12-02T16:51:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-w48q-cv73-mx4w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66414"
},
{
"type": "WEB",
"url": "https://github.com/modelcontextprotocol/typescript-sdk/pull/1205"
},
{
"type": "WEB",
"url": "https://github.com/modelcontextprotocol/typescript-sdk/commit/09623e2aa5044f9e9da62c73d820a8250b9d97ed"
},
{
"type": "WEB",
"url": "https://github.com/modelcontextprotocol/typescript-sdk/commit/608360047dc6899f1cf4f0226eb62fe7b11b3898"
},
{
"type": "PACKAGE",
"url": "https://github.com/modelcontextprotocol/typescript-sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default"
}
GHSA-W5PQ-93H6-W2RR
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:08NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
{
"affected": [],
"aliases": [
"CVE-2019-5497"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-01T21:15:00Z",
"severity": "CRITICAL"
},
"details": "NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.",
"id": "GHSA-w5pq-93h6-w2rr",
"modified": "2024-04-04T01:08:46Z",
"published": "2022-05-24T16:49:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5497"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190627-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5R3-GR8W-7FJ5
Vulnerability from github – Published: 2025-10-29 15:31 – Updated: 2025-11-05 20:52Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration.
This disables a protection mechanism of the Java runtime addressing CVE-2016-5597.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.jenkins.plugins:eggplant-runner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.1.301.v963cffe8ddb"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64135"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-29T22:00:33Z",
"nvd_published_at": "2025-10-29T14:15:57Z",
"severity": "MODERATE"
},
"details": "Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value as part of applying a proxy configuration.\n\nThis disables a protection mechanism of the Java runtime addressing CVE-2016-5597.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-w5r3-gr8w-7fj5",
"modified": "2025-11-05T20:52:36Z",
"published": "2025-10-29T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64135"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/eggplant-runner-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3326"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/29/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Eggplant Runner Plugin protection mechanism disabled"
}
GHSA-W678-3C66-V2GR
Vulnerability from github – Published: 2025-12-02 18:30 – Updated: 2025-12-02 18:30The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.
{
"affected": [],
"aliases": [
"CVE-2025-52622"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T18:15:47Z",
"severity": "MODERATE"
},
"details": "The BigFix SaaS\u0027s HTTP responses were missing some security headers. The absence of these headers weakens the application\u0027s client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.",
"id": "GHSA-w678-3c66-v2gr",
"modified": "2025-12-02T18:30:36Z",
"published": "2025-12-02T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52622"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0127171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W87G-2VQM-6M24
Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2023-02-02 21:34The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
{
"affected": [],
"aliases": [
"CVE-2014-0234"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-12T01:15:00Z",
"severity": "HIGH"
},
"details": "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.",
"id": "GHSA-w87g-2vqm-6m24",
"modified": "2023-02-02T21:34:07Z",
"published": "2022-05-17T19:57:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0234"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2014:0487"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-0234"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008"
},
{
"type": "WEB",
"url": "https://github.com/openshift/openshift-extras/blob/master/README.md"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0487.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2014/06/05/19"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/67657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WFJJ-9RR8-M3RH
Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.
{
"affected": [],
"aliases": [
"CVE-2024-30124"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-23T16:15:05Z",
"severity": "MODERATE"
},
"details": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.",
"id": "GHSA-wfjj-9rr8-m3rh",
"modified": "2024-10-23T18:33:08Z",
"published": "2024-10-23T18:33:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30124"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115627"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WHGH-2R37-M9VR
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2023-05-22 21:30A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
{
"affected": [],
"aliases": [
"CVE-2019-1950"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-19T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",
"id": "GHSA-whgh-2r37-m9vr",
"modified": "2023-05-22T21:30:16Z",
"published": "2022-05-24T17:09:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1950"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJV4-G95P-RG69
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-08-12 12:30A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.
{
"affected": [],
"aliases": [
"CVE-2017-12736"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-20",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-26T04:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions \u003c ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions \u003c ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.",
"id": "GHSA-wjv4-g95p-rg69",
"modified": "2025-08-12T12:30:31Z",
"published": "2022-05-13T01:42:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12736"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856721.html"
},
{
"type": "WEB",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101041"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039463"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039464"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMRH-7WQ5-QC6J
Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-06 21:31HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow
unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.
{
"affected": [],
"aliases": [
"CVE-2025-31974"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T19:16:35Z",
"severity": "LOW"
},
"details": "HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow\n\nunintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.",
"id": "GHSA-wmrh-7wq5-qc6j",
"modified": "2026-05-06T21:31:36Z",
"published": "2026-05-06T21:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31974"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.