CVE-2022-37785 : An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displa

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.

Published 2023-01-01 08:15:10

Updated 2023-01-09 14:55:35

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-37785

Wecube-platform Project » Wecube-platform » Version: 3.2.2
cpe:2.3:a:wecube-platform_project:wecube-platform:3.2.2:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Assigned by: nvd@nist.gov (Primary)

https://github.com/WeBankPartners/wecube-platform/issues/2329

CWE-312 Cleartext Storage of Sensitive Information · Issue #2329 · WeBankPartners/wecube-platform · GitHub
Exploit;Third Party Advisory
https://github.com/WeBankPartners/wecube-plugins-terminal

GitHub - WeBankPartners/wecube-plugins-terminal: terminal for ssh
Third Party Advisory

Jump to