CVE Vulnerabilities

CVE-2022-27560

Insufficiently Protected Credentials

Published: Aug 30, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

HCL VersionVault Express exposes administrator credentials.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Versionvault_express Hcltech 2.0.1 (including) 2.0.1 (including)
Versionvault_express Hcltech 2.1.0 (including) 2.1.0 (including)

Potential Mitigations

References