| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-26138 | Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability | exploitation_technique | T1552.001 | Credentials In Files |
Comments
CVE-2022-26138 is a hard-coded credentials vulnerability in the "Questions for Confluence" app.
References
|
| CVE-2020-8657 | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | exploitation_technique | T1106 | Native API |
Comments
CVE-2020-8657 identifies a security issue in EyesOfNetwork 5.3 that exposes a vulnerability in the API key implementation.
References
|
| CVE-2024-20439 | Cisco Smart Licensing Utility Static Credential Vulnerability | exploitation_technique | T1552 | Unsecured Credentials |
Comments
Due to static credentials found in Cisco Smart Licensing Utility, a remote, unauthenticated attacker can gain administrative access through the API.
References
|
| CVE-2024-20439 | Cisco Smart Licensing Utility Static Credential Vulnerability | primary_impact | T1106 | Native API |
Comments
Due to static credentials found in Cisco Smart Licensing Utility, a remote, unauthenticated attacker can gain administrative access through the API.
References
|
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
Comments
This vulnerability has been exploited to give threat actors with knowledge of the CentreStack portal's machineKey the ability to craft malicious payloads for remote code execution.
References
|
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability has been exploited to give threat actors with knowledge of the CentreStack portal's machineKey the ability to craft malicious payloads for remote code execution.
References
|