CVE-2019-14840 — Insufficiently Protected Credentials in Redhat Business-central

CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 56.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Business-central Redhat Decision Manager

Timeline

PublishedOct 17

Description

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5redhat/business-centralBusiness-central as shipped in RHDM 7 and RHPAM 7

▶NVDredhat/decision_manager7.0

🔴Vulnerability Details

CVEList

CVE-2019-14840: A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials↗2022-10-17

▶

GHSA

GHSA-g6v5-f3w9-4xx4: A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials↗2022-10-17

▶

📋Vendor Advisories

Red Hat

Business-central: Sensitive HTML Form Fields like Password has auto-complete Enabled↗2021-03-22

▶

💬Community

Bugzilla

CVE-2019-14840 Business-central: Sensitive HTML Form Fields like Password has auto-complete Enabled↗2019-09-03

▶