CRITICAL🇵🇱 Wersja polska

CVE-2025-15624

CVSS 9.3v4.0pub. 2026-04-17upd. 2026-06-02

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red
  • Sparxsystems Pro Cloud Server

    APP
    Sparxsystems
    6.0.163
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-42097CRITICAL9.3PL ✓ten sam produkt

Sparx Pro Cloud Server — SQL injection bez uwierzytelnienia przez pominięcie parametru

CVE-2025-15623CRITICAL9.3PL ✓ten sam produkt

Sparx Pro Cloud Server: ujawnienie hasła do bazy danych w plaintext

CVE-2025-15625CRITICAL9.5PL ✓ten sam produkt

SQL Injection w Sparx Pro Cloud Server — nieautoryzowany dostęp do bazy danych

CVE-2026-42096HIGH8.7ten sam produkt

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to l...

CVE-2026-42099HIGH7.7ten sam produkt

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. T...