Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:RedSparxsystems Pro Cloud Server
APPSparxsystems6.0.163
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-42097CRITICAL9.3PL ✓ten sam produkt
Sparx Pro Cloud Server — SQL injection bez uwierzytelnienia przez pominięcie parametru
CVE-2025-15623CRITICAL9.3PL ✓ten sam produkt
Sparx Pro Cloud Server: ujawnienie hasła do bazy danych w plaintext
CVE-2025-15625CRITICAL9.5PL ✓ten sam produkt
SQL Injection w Sparx Pro Cloud Server — nieautoryzowany dostęp do bazy danych
CVE-2026-42096HIGH8.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to l...
CVE-2026-42099HIGH7.7ten sam produkt
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. T...