Inclusion of Sensitive Information in Source Code

CVE-2021-34757

Medium

4.9/10

Summary

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-540 - Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

References

Advisory Timeline

Published Oct 06, 2021

Inclusion of Sensitive Information in Source Code

CVE-2021-34757

Summary

CWE-540 - Inclusion of Sensitive Information in Source Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS