PatchSiren

Hiteksoftware CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Hiteksoftware CVE published 2017-01-23

CVE-2016-10104

CVE-2016-10104 affects Hitek Software Automize and can expose encrypted SSH/SFTP profile passwords through the sshProfiles.jsd file when the Read attribute is set for Users. The issue is documented as a medium-severity information disclosure and applies to Automize 10.x up to 10.25 and 11.x up to 11.14.

HIGH Hiteksoftware CVE published 2017-01-23

CVE-2016-10103

CVE-2016-10103 affects Hitek Software Automize and allows information disclosure through encryptionProfiles.jsd because the file’s Read attribute is set for Users. According to the CVE description and NVD record, this can let an attacker recover encrypted passwords for GPG Encryption profiles. NVD assigns the issue a CVSS 3.0 score of 8.1 (HIGH).

HIGH Hiteksoftware CVE published 2017-01-23

CVE-2016-10102

CVE-2016-10102 is a high-severity weakness in Hitek Software Automize's hitek.jar credential handling. The product weakly encrypts SSH/SFTP and encryption profile passwords, and those encrypted values can be recovered from sshProfiles.jsd and encryptionProfiles.jsd and decrypted back to cleartext. Verified affected releases include all 10.x up to 10.25 and all 11.x up to 11.14.

HIGH Hiteksoftware CVE published 2017-01-23

CVE-2016-10101

CVE-2016-10101 is an information disclosure issue in Hitek Software Automize 10.x and 11.x. According to the CVE description, a user with the Read attribute on passManager.jsd may be able to recover the encrypted password used to access the Password Manager. NVD assigns the issue a CVSS 3.0 score of 8.1 (HIGH) and lists multiple affected Automize 10.x and 11.x builds.