CWE-258
9 CVEs classified under CWE-258. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-9276 | Critical | 9.8 | 2025-09-02 | Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass au… |
CVE-2019-5021 | Critical | 9.8 | 2019-05-08 | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a… |
CVE-2023-39439 | High | 8.8 | 2023-08-08 | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. |
CVE-2023-43016 | High | 7.3 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2025-4395 | Medium | 6.8 | 2025-07-24 | Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no passwo… |
CVE-2024-35137 | Medium | 6.2 | 2024-06-28 | IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration infor… |
CVE-2024-4106 | Medium | 5.3 | 2024-06-26 | A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is op… |
CVE-2020-29478 | | 2021-01-05 | CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial o… | |
CVE-2018-17914 | | 2018-11-02 | InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could all… |