PT-2026-3557 · Unknown · Verve Asset Manager
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2025-14377
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Verve Asset Manager versions prior to 1.36
Description
A security issue exists in the legacy Ansible playbook component of Verve Asset Manager. The issue involves the incorrect storage of plaintext secrets during playbook execution. The affected component has been retired and is optional since the 1.36 release.
Recommendations
Update to version 1.36 or later.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Verve Asset Manager