Sparx Systems Sparx Enterprise Architect Insufficiently Protected Credentials Vulnerability

Vulnerability

A vulnerability in Sparx Systems Sparx Enterprise Architect allows the desktop client to access the OAuth2 client secret in plaintext. That secret is then used to obtain access and ID tokens during the OpenID authentication process. The issue stems from inadequate protection of credentials: a secret that is meant to stay confidential is exposed to the client and can be misused in the authentication flow.

Impact

Exploitation of this vulnerability allows access tokens to be obtained without authorization, which could enable impersonation of the user or access to resources on the user's behalf.

Added: Apr 17, 2026, 9:47 AM
Updated: Apr 17, 2026, 9:47 AM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 2.5
exploitability: 4.4
remediation: 0.0
relevance: 6.0
threat: 0.0
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined to calculate the overall risk score.