Incorrect Use of Privileged APIs, Cleartext Transmission... · CVE-2025-2311 · GitHub Advisory Database · GitHub

Incorrect Use of Privileged APIs, Cleartext Transmission...

Critical severity Unreviewed Published Mar 20, 2025 to the GitHub Advisory Database • Updated Mar 20, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Nebula Informatics SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

References

Published by the National Vulnerability Database

Mar 20, 2025

Published to the GitHub Advisory Database Mar 20, 2025

Last updated Mar 20, 2025

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Adjacent

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H