CVE-2019-16062Cleartext Storage of Sensitive Info in Enigma Network Management Solution

CWE-312Cleartext Storage of Sensitive InfoCWE-311Missing Encryption of Sensitive Data5 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elfutils Project ElfutilsNetsas Enigma Network Management Solution
Timeline
PublishedMar 19
Latest updateAug 30

Description

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Alpineelfutils_project/elfutils< 0.174-r0

🔴Vulnerability Details

4
OSV
elfutils vulnerabilities2023-08-30
GHSA
GHSA-jv3m-8g66-rq7f: NETSAS Enigma NMS 652022-05-24
OSV
CVE-2019-16062: NETSAS Enigma NMS 652020-03-19
CVEList
CVE-2019-16062: NETSAS Enigma NMS 652020-03-19
CVE-2019-16062 — Cleartext Storage of Sensitive Info | cvebase