Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-261
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22271 2023-03-22 N/A 5.3 MEDIUM
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret.
CVE-2023-0356 1 Socomec 2 Modulys Gp, Net Vision 2023-02-06 N/A 7.5 HIGH
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.