Rich Text Edit Control Information Disclosure Vulnerability

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.

RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.