Falhas do tipo CWE-258
10 resultadosCVE-2019-5021CRITICALVersions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to EPSS 6.3%CVE-2018-17914—InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnEPSS 4.6%CVE-2020-29478—CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker EPSS 1.2%CVE-2025-9276CRITICALCockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass VulnerabilityEPSS 0.8%CVE-2023-43016HIGHIBM Security Access Manager Container unauthorized accessEPSS 0.7%CVE-2023-39439HIGHSAP Commerce accepts empty passphrases.EPSS 0.6%CVE-2024-4106MEDIUMA vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, iEPSS 0.4%CVE-2024-28744HIGHThe password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earliEPSS 0.3%CVE-2025-4395MEDIUMMedtronic MyCareLink Patient Monitor Empty Password VulnerabilityEPSS 0.3%CVE-2024-35137MEDIUMIBM Security Access Manager Docker information disclosureEPSS 0.3%