Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15622 | 1 Sparxsystems | 1 Enterprise Architect | 2026-04-17 | N/A |
| Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow. | ||||
| CVE-2025-15623 | 1 Sparxsystems | 1 Sparx Pro Cloud Server | 2026-04-17 | N/A |
| Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations | ||||
| CVE-2025-15624 | 1 Sparxsystems | 1 Sparx Pro Cloud Server | 2026-04-17 | N/A |
| Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext. | ||||
| CVE-2025-15625 | 1 Sparxsystems | 1 Sparx Pro Cloud Server | 2026-04-17 | N/A |
| Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | ||||
| CVE-2025-15621 | 1 Sparxsystems | 1 Enterprise Architect | 2026-04-17 | N/A |
| Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | ||||
| CVE-2022-47072 | 1 Sparxsystems | 1 Enterprise Architect | 2025-06-17 | 9.8 Critical |
| SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.. | ||||
Page 1 of 1.