CWE-214

Invocation of Process Using Visible Sensitive Information

4 CVEs Avg CVSS 5.8 MITRE
0
CRITICAL
0
HIGH
4
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-5452 MEDIUM This Month

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-48709 MEDIUM Monitor

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control M Server Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1333 MEDIUM This Month

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2025-32987 MEDIUM This Month

Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Redhat
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-5452
EPSS 0% CVSS 6.6
MEDIUM This Month

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVE-2025-48709
EPSS 0% CVSS 4.8
MEDIUM Monitor

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control M Server +1
NVD
CVE-2025-1333
EPSS 0% CVSS 6.0
MEDIUM This Month

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Operator +1
NVD
CVE-2025-32987
EPSS 0% CVSS 6.0
MEDIUM This Month

Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Redhat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy