CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
CVE-2025-1499 (GCVE-0-2025-1499)
Vulnerability from cvelistv5 – Published: 2025-06-01 11:30 – Updated: 2025-08-26 14:54- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7233154 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | InfoSphere Information Server |
Affected:
11.7
cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T03:16:31.714504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T03:16:49.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user."
}
],
"value": "IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:54:42.793Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7233154"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT423714 \u003cbr\u003e --Apply InfoSphere Information Server version 11.7.1.0 \u003cbr\u003e--Apply InfoSphere Information Server version 11.7.1.6\u003cbr\u003e--Apply InfoSphere DataStage security patch\u003cbr\u003e"
}
],
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT423714 \n --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n--Apply InfoSphere DataStage security patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM InfoSphere Information Server information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1499",
"datePublished": "2025-06-01T11:30:58.760Z",
"dateReserved": "2025-02-20T15:32:19.936Z",
"dateUpdated": "2025-08-26T14:54:42.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0418 (GCVE-0-2025-0418)
Vulnerability from cvelistv5 – Published: 2025-04-01 03:59 – Updated: 2025-04-01 14:13- CWE-312 - Cleartext Storage of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Valmet | Valmet DNA |
Affected:
C2007 , ≤ C2021
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T14:04:17.566128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:13:12.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valmet DNA",
"vendor": "Valmet",
"versions": [
{
"lessThanOrEqual": "C2021",
"status": "affected",
"version": "C2007",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sixtus Leonhardsberger and Felix Eberstaller of LimesSecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Valmet DNA user passwords in plain text.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis practice poses a security risk as attackers who gain access to local project data can read the passwords.\u003c/span\u003e"
}
],
"value": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T03:59:40.489Z",
"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"shortName": "NCSC-FI"
},
"references": [
{
"url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The solution is available from Valmet Automation Customer Service."
}
],
"value": "The solution is available from Valmet Automation Customer Service."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Valmet DNA user passwords in plain text",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"assignerShortName": "NCSC-FI",
"cveId": "CVE-2025-0418",
"datePublished": "2025-04-01T03:59:40.489Z",
"dateReserved": "2025-01-13T12:24:48.092Z",
"dateUpdated": "2025-04-01T14:13:12.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0142 (GCVE-0-2025-0142)
Vulnerability from cvelistv5 – Published: 2025-01-30 19:38 – Updated: 2025-01-31 15:39- CWE-312 - Cleartext Storage of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Zoom Communications, Inc | Zoom Jenkins Marketplace plugin |
Affected:
0 , < 1.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:39:04.882562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:39:15.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Jenkins Marketplace plugin",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:49:42.388Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Jenkins Marketplace plugin - Cleartext Storage of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0142",
"datePublished": "2025-01-30T19:38:51.716Z",
"dateReserved": "2024-12-23T21:42:11.796Z",
"dateUpdated": "2025-01-31T15:39:15.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0123 (GCVE-0-2025-0123)
Vulnerability from cvelistv5 – Published: 2025-04-11 17:43 – Updated: 2025-04-11 18:36- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-0123 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
11.2.0 , < 11.2.6
(custom)
Affected: 11.1.0 , < 11.1.8 (custom) Affected: 10.2.0 , < 10.2.15 (custom) Affected: 10.1.0 , < 10.1.14-h13 (custom) cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T18:35:09.452088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T18:36:46.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.6",
"status": "unaffected"
}
],
"lessThan": "11.2.6",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.8",
"status": "unaffected"
}
],
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.15",
"status": "unaffected"
}
],
"lessThan": "10.2.15",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.14-h13",
"status": "unaffected"
}
],
"lessThan": "10.1.14-h13",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability requires the following configuration:\u003col\u003e\u003cli\u003eAn SSL decryption policy matching HTTP/2 data flows tied to a decryption profile without \u0027Strip ALPN\u0027 enabled;\u003cbr\u003eand\u003c/li\u003e\u003cli\u003eGlobal HTTP/2 inspection enabled.\u003cbr\u003e\u003cbr\u003eNote: Global HTTP/2 inspection is enabled by default. The setting to disable it is available only by using the PAN-OS command-line interface (CLI). To verify whether this feature is globally disabled use the following CLI commands:\u003cp\u003e\u003ctt\u003e\u0026gt; set cli config-output-format set\u003cbr\u003e\u0026gt;\u0026nbsp;configure \u003cbr\u003e# show | match\u0026nbsp;\u0027http2 enable no\u0027\u003c/tt\u003e\u003c/p\u003e\u2003\u2003- If there is no output, then http2 inspection is enabled.\u003cbr\u003e\u2003\u2003- If output shows \u003ctt\u003e\u0027set deviceconfig setting http2 enable no\u0027\u003c/tt\u003e then http2 traffic is classified as \u003ctt\u003eunknown-tcp\u003c/tt\u003e and is not decrypted by the firewall, which makes clear-text data unreadable in packet captures.\u003cbr\u003e\u2003\u2003\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "This vulnerability requires the following configuration: * An SSL decryption policy matching HTTP/2 data flows tied to a decryption profile without \u0027Strip ALPN\u0027 enabled;\nand\n * Global HTTP/2 inspection enabled.\n\nNote: Global HTTP/2 inspection is enabled by default. The setting to disable it is available only by using the PAN-OS command-line interface (CLI). To verify whether this feature is globally disabled use the following CLI commands:\u003e set cli config-output-format set\n\u003e\u00a0configure \n# show | match\u00a0\u0027http2 enable no\u0027\n\n\u2003\u2003- If there is no output, then http2 inspection is enabled.\n\u2003\u2003- If output shows \u0027set deviceconfig setting http2 enable no\u0027 then http2 traffic is classified as unknown-tcp and is not decrypted by the firewall, which makes clear-text data unreadable in packet captures."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Saurabh Tripathi of Palo Alto Networks"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the Palo Alto Networks PAN-OS\u00ae software enables unlicensed administrators to view clear-text data captured using the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture\"\u003epacket capture feature\u003c/a\u003e in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.\u003cbr\u003e\u003cbr\u003eIn normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring\"\u003econfigure decryption port mirroring\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThe administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ecritical deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eCustomer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.\u003cbr\u003e\u003cbr\u003ePrisma\u00ae Access is not impacted by this vulnerability."
}
],
"value": "A vulnerability in the Palo Alto Networks PAN-OS\u00ae software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.\n\nIn normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring .\n\nThe administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nCustomer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.\n\nPrisma\u00ae Access is not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158: Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Firewall administrators can see traffic that they should not be able to see, which impacts confidentiality but there is no impact to integrity or availability of that traffic."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 0,
"baseSeverity": "NONE",
"privilegesRequired": "HIGH",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "There is no risk if the firewall is licensed for decryption port mirroring because firewall administrators are already authorized to obtain decrypted packet captures from Palo Alto Networks firewalls."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T17:43:05.126Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0123"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.14-h13, PAN-OS 10.2.15, PAN-OS 11.1.8, PAN-OS 11.2.6, and all later PAN-OS versions.\u003cbr\u003e\u003cbr\u003e\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.5\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.6 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.7\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0 (EoL)\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.15 or later.\u003cbr\u003e\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14-h11\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h13 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eTo fully remediate risk, you must delete all pre-existing packet capture files stored on the firewall after you upgrade to a fixed PAN-OS version. This task can be performed through the PAN-OS web interface or through the PAN-OS CLI.\u003cp\u003e\u003cb\u003eUsing the Web Interface:\u003c/b\u003e\u003c/p\u003e1. Select \u003cb\u003eMonitor\u003c/b\u003e \u0026gt; \u003cb\u003ePacket Capture\u003c/b\u003e \u0026gt; \u003cb\u003eCaptured Files\u003c/b\u003e \u0026gt; (Select All) and \u003cb\u003eDelete\u003c/b\u003e the files.\u003cbr\u003e2. Select \u003cb\u003eYes\u003c/b\u003e when prompted by the confirmation dialog.\u003cp\u003e\u003cb\u003eUsing the PAN-OS CLI:\u003c/b\u003e\u003c/p\u003e1. Enter the following operational command:\u003cbr\u003e\u003cp\u003e\u003ctt\u003e\u0026gt; delete debug-filter file *\u0026nbsp;\u003c/tt\u003e\u003c/p\u003e2. A confirmation prints to the terminal and indicates that all packet capture files were successfully deleted from the firewall:\u003cbr\u003e\u003cp\u003e\u003ctt\u003esuccessfully removed *\u0026nbsp;\u003c/tt\u003e\u003c/p\u003e"
}
],
"value": "This issue is fixed in PAN-OS 10.1.14-h13, PAN-OS 10.2.15, PAN-OS 11.1.8, PAN-OS 11.2.6, and all later PAN-OS versions.\n\nVersion\nMinor Version\nSuggested Solution\nPAN-OS 11.2\n11.2.0 through 11.2.5Upgrade to 11.2.6 or later.\nPAN-OS 11.111.1.0 through 11.1.7\nUpgrade to 11.1.8 or later.PAN-OS 11.0 (EoL)\n\nUpgrade to a supported fixed version.\nPAN-OS 10.2\n10.2.0 through 10.2.14\nUpgrade to 10.2.15 or later.\n\nPAN-OS 10.1\n10.1.0 through 10.1.14-h11\nUpgrade to 10.1.14-h13 or later.\nAll other older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\nTo fully remediate risk, you must delete all pre-existing packet capture files stored on the firewall after you upgrade to a fixed PAN-OS version. This task can be performed through the PAN-OS web interface or through the PAN-OS CLI.Using the Web Interface:\n\n1. Select Monitor \u003e Packet Capture \u003e Captured Files \u003e (Select All) and Delete the files.\n2. Select Yes when prompted by the confirmation dialog.Using the PAN-OS CLI:\n\n1. Enter the following operational command:\n\u003e delete debug-filter file *\u00a0\n\n2. A confirmation prints to the terminal and indicates that all packet capture files were successfully deleted from the firewall:\nsuccessfully removed *"
}
],
"source": {
"defect": [
"PAN-257442"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation: In a Palo Alto Networks firewall, you can configure the decryption profile to \u003ci\u003e\u003cb\u003estrip ALPN\u003c/b\u003e\u003c/i\u003e (Application-Layer Protocol Negotiation) from the TLS handshake, which is used to negotiate the application protocol (e.g., HTTP/2 or HTTP/1.1) for the secured connection. When ALPN is absent, the following behaviors can occur:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eFirewall behavior\u003c/b\u003e\u2014With no ALPN value available, the firewall cannot perform HTTP/2 inspection. It either forces the connection to downgrade to HTTP/1.1 (by letting the client and server negotiate a fallback) or, if that downgrade isn\u2019t possible, it can classify the traffic as \u003ctt\u003eunknown-tcp\u003c/tt\u003e and potentially affects your security policy rules and application identification.\u003c/li\u003e\u003cli\u003e\u003cb\u003eClient behavior\u003c/b\u003e\u2014Most modern web browsers rely on ALPN to negotiate HTTP/2. If ALPN is missing, the client typically falls back to HTTP/1.1.\u003c/li\u003e\u003cli\u003e\u003cb\u003eServer behavior\u003c/b\u003e\u2014If ALPN is absent, the server can assume that the client supports only HTTP/1.1 and downgrades the connection accordingly. If the server enforces HTTP/2-only connections, then it may reject the handshake and cause a connection failure.\u003c/li\u003e\u003c/ul\u003eConsequently, without ALPN, the Palo Alto Networks firewall does not inspect HTTP/2 connections, which prevents decrypted HTTP/2 (clear-text) traffic exposure to firewall administrators.\u003cbr\u003e\u003cbr\u003eYou can review how to strip ALPN and disable HTTP/2 inspection for targeted traffic in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/http2#:~:text=Disable%20HTTP%2F2%20inspection%20for%20targeted%20traffic.\"\u003eApp-ID and HTTP/2\u003c/a\u003e inspection technical documentation.\u003cbr\u003e\u003cbr\u003eAdditional mitigation: The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ecritical deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac...\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr...\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Mitigation: In a Palo Alto Networks firewall, you can configure the decryption profile to strip ALPN (Application-Layer Protocol Negotiation) from the TLS handshake, which is used to negotiate the application protocol (e.g., HTTP/2 or HTTP/1.1) for the secured connection. When ALPN is absent, the following behaviors can occur:\n * Firewall behavior\u2014With no ALPN value available, the firewall cannot perform HTTP/2 inspection. It either forces the connection to downgrade to HTTP/1.1 (by letting the client and server negotiate a fallback) or, if that downgrade isn\u2019t possible, it can classify the traffic as unknown-tcp and potentially affects your security policy rules and application identification.\n * Client behavior\u2014Most modern web browsers rely on ALPN to negotiate HTTP/2. If ALPN is missing, the client typically falls back to HTTP/1.1.\n * Server behavior\u2014If ALPN is absent, the server can assume that the client supports only HTTP/1.1 and downgrades the connection accordingly. If the server enforces HTTP/2-only connections, then it may reject the handshake and cause a connection failure.\n\n\nConsequently, without ALPN, the Palo Alto Networks firewall does not inspect HTTP/2 connections, which prevents decrypted HTTP/2 (clear-text) traffic exposure to firewall administrators.\n\nYou can review how to strip ALPN and disable HTTP/2 inspection for targeted traffic in the App-ID and HTTP/2 https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/http2#:~:text=Disable%20HTTP%2F2%20inspection%20for%20targeted%20traffic. inspection technical documentation.\n\nAdditional mitigation: The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac... https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n * Palo Alto Networks official and detailed technical documentation:\u00a0 https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr... https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0123",
"datePublished": "2025-04-11T17:43:05.126Z",
"dateReserved": "2024-12-20T23:23:24.262Z",
"dateUpdated": "2025-04-11T18:36:46.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58277 (GCVE-0-2024-58277)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:42 – Updated: 2026-05-14 02:07- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51855 | exploit |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | vendor-advisory |
| https://www.vulncheck.com/advisories/r-radio-netw… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| R Radio Network | Radio Network FM Transmitter |
Affected:
1.07 , < 1.09
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58277",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:06:27.717343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:48:26.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Radio Network FM Transmitter",
"vendor": "R Radio Network",
"versions": [
{
"lessThan": "1.09",
"status": "affected",
"version": "1.07",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko LiquidWorm Krstic"
}
],
"datePublic": "2024-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user\u0027s password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."
}
],
"value": "R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user\u0027s password through the system.cgi endpoint, enabling authentication bypass and FM station setup access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:14.003Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51855",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51855"
},
{
"name": "Security Advisory for ZSL-2023-5802",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/r-radio-network-fm-transmitter-107-system-settings-disclosure"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vendor has released version 1.09 to address this issue."
}
],
"value": "Vendor has released version 1.09 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "R Radio Network FM Transmitter 1.07 System Settings Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58277",
"datePublished": "2025-12-04T20:42:19.064Z",
"dateReserved": "2025-12-04T16:29:09.649Z",
"dateUpdated": "2026-05-14T02:07:14.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56362 (GCVE-0-2024-56362)
Vulnerability from cvelistv5 – Published: 2024-12-23 17:19 – Updated: 2024-12-24 01:35- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://github.com/navidrome/navidrome/security/a… | x_refsource_CONFIRM |
| https://github.com/navidrome/navidrome/commit/7f0… | x_refsource_MISC |
| https://github.com/navidrome/navidrome/commit/9cb… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:35:10.350827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T01:35:29.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "navidrome",
"vendor": "navidrome",
"versions": [
{
"status": "affected",
"version": "\u003c 0.54.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T17:19:51.108Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8"
},
{
"name": "https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff"
},
{
"name": "https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1"
}
],
"source": {
"advisory": "GHSA-xwx7-p63r-2rj8",
"discovery": "UNKNOWN"
},
"title": "Navidrome Stores JWT Secret in Plaintext in navidrome.db"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-56362",
"datePublished": "2024-12-23T17:19:51.108Z",
"dateReserved": "2024-12-20T17:34:56.867Z",
"dateUpdated": "2024-12-24T01:35:29.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55928 (GCVE-0-2024-55928)
Vulnerability from cvelistv5 – Published: 2025-01-23 17:25 – Updated: 2025-02-24 17:16- CWE-312 - Cleartext Storage of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Xerox | Xerox Workplace Suite |
Affected:
0 , < 5.6.701.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:00:32.313469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:00:57.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Xerox Workplace Suite",
"vendor": "Xerox",
"versions": [
{
"lessThan": "5.6.701.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-23T17:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption"
}
],
"value": "Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T17:16:19.462Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Clear text secrets returned \u0026 Remote system secrets in clear text",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-55928",
"datePublished": "2025-01-23T17:25:46.915Z",
"dateReserved": "2024-12-13T14:30:30.207Z",
"dateUpdated": "2025-02-24T17:16:19.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54127 (GCVE-0-2024-54127)
Vulnerability from cvelistv5 – Published: 2024-12-05 12:19 – Updated: 2024-12-05 15:55- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Archer C50 Wireless Router |
Affected:
<Archer C50(EU)_V4_ 240917
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:55:43.403297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:55:53.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C50 Wireless Router",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003cArcher C50(EU)_V4_ 240917"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported is reported by Amey Chavekar, Khalid Markar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:19:24.519Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Archer C50(EU)_V4_ 240917\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\"\u003ehttps://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-54127",
"datePublished": "2024-12-05T12:19:24.519Z",
"dateReserved": "2024-11-29T11:09:33.863Z",
"dateUpdated": "2024-12-05T15:55:53.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53979 (GCVE-0-2024-53979)
Vulnerability from cvelistv5 – Published: 2024-11-29 18:50 – Updated: 2024-12-04 17:19- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://github.com/zhmcclient/zhmc-ansible-module… | x_refsource_CONFIRM |
| https://github.com/zhmcclient/zhmc-ansible-module… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| zhmcclient | zhmc-ansible-modules |
Affected:
< 1.9.3
|
|
| ibm | zhmc |
Affected:
0 , < 1.9.3
(custom)
cpe:2.3:a:ibm:zhmc:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:zhmc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zhmc",
"vendor": "ibm",
"versions": [
{
"lessThan": "1.9.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T17:15:37.730258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:19:36.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zhmc-ansible-modules",
"vendor": "zhmcclient",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection \"ibm.ibm_zhmc\" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The \u0027boot_ftp_password\u0027 and \u0027ssc_master_pw\u0027 properties are passed as input to the zhmc_partition Ansible module. 2. The \u0027ssc_master_pw\u0027 and \u0027zaware_master_pw\u0027 properties are passed as input to the zhmc_lpar Ansible module. 3. The \u0027password\u0027 property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The \u0027bind_password\u0027 property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the \"log_file\" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:50:31.398Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zhmcclient/zhmc-ansible-modules/security/advisories/GHSA-mw6c-f428-jx4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zhmcclient/zhmc-ansible-modules/security/advisories/GHSA-mw6c-f428-jx4f"
},
{
"name": "https://github.com/zhmcclient/zhmc-ansible-modules/commit/f5579f07da5f02d2496c41a313d4ae7a0a459b1d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zhmcclient/zhmc-ansible-modules/commit/f5579f07da5f02d2496c41a313d4ae7a0a459b1d"
}
],
"source": {
"advisory": "GHSA-mw6c-f428-jx4f",
"discovery": "UNKNOWN"
},
"title": "Ansible collection \"ibm.ibm_zhmc\" has passwords in clear text in log file and in output of some modules when specified as input"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53979",
"datePublished": "2024-11-29T18:50:31.398Z",
"dateReserved": "2024-11-25T23:14:36.379Z",
"dateUpdated": "2024-12-04T17:19:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53865 (GCVE-0-2024-53865)
Vulnerability from cvelistv5 – Published: 2024-11-29 18:48 – Updated: 2024-12-02 20:54- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://github.com/zhmcclient/python-zhmcclient/s… | x_refsource_CONFIRM |
| https://github.com/zhmcclient/python-zhmcclient/c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| zhmcclient | python-zhmcclient |
Affected:
< 1.18.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T20:53:57.128278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:54:26.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zhmcclient",
"vendor": "zhmcclient",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package \"zhmcclient\" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The \u0027boot-ftp-password\u0027 and \u0027ssc-master-pw\u0027 properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The \u0027ssc-master-pw\u0027 and \u0027zaware-master-pw\u0027 properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The \u0027ssc-master-pw\u0027 and \u0027zaware-master-pw\u0027 properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The \u0027password\u0027 property when creating or updating an HMC user, in the zhmcclient API log. 5. The \u0027bind-password\u0027 property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named \"zhmcclient.api\" (for the API log) or \"zhmcclient.hmc\" (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:48:17.680Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zhmcclient/python-zhmcclient/security/advisories/GHSA-p57h-3cmc-xpjq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zhmcclient/python-zhmcclient/security/advisories/GHSA-p57h-3cmc-xpjq"
},
{
"name": "https://github.com/zhmcclient/python-zhmcclient/commit/ad32781e782d0f604c6da4680fce48e4cc1f4433",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zhmcclient/python-zhmcclient/commit/ad32781e782d0f604c6da4680fce48e4cc1f4433"
}
],
"source": {
"advisory": "GHSA-p57h-3cmc-xpjq",
"discovery": "UNKNOWN"
},
"title": "Python package \"zhmcclient\" has passwords in clear text in its HMC and API logs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53865",
"datePublished": "2024-11-29T18:48:17.680Z",
"dateReserved": "2024-11-22T17:30:02.145Z",
"dateUpdated": "2024-12-02T20:54:26.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.