CVE Vulnerabilities

CVE-2014-2377

Cleartext Storage of Sensitive Information in an Environment Variable

Published: Sep 15, 2014 | Modified: Oct 13, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

Weakness

The product uses an environment variable to store unencrypted sensitive information.

Affected Software

Name Vendor Start Version End Version
Integraxor Ecava * 4.1.4360 (including)

Potential Mitigations

References