Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-23236 Cleartext Storage of Sensitive Information vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.
local
low complexity
netapp CWE-312
4.4
2022-06-02 CVE-2022-31004 Cleartext Storage of Sensitive Information vulnerability in Mitre Cve-Services
CVEProject/cve-services is an open source project used to operate the CVE services API.
network
low complexity
mitre CWE-312
7.5
2022-05-17 CVE-2022-22484 Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history.
local
low complexity
ibm CWE-312
5.5
2022-05-09 CVE-2022-29868 Cleartext Storage of Sensitive Information vulnerability in 1Password
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.
local
low complexity
1password CWE-312
5.5
2022-05-09 CVE-2022-28162 Cleartext Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.1.1.8
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
local
low complexity
broadcom CWE-312
3.3
2022-04-19 CVE-2021-39078 Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium 10.5
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-312
4.4
2022-04-11 CVE-2022-0835 Cleartext Storage of Sensitive Information vulnerability in Aveva System Platform 2020
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
local
low complexity
aveva CWE-312
5.5
2022-04-01 CVE-2022-25158 Cleartext Storage of Sensitive Information vulnerability in Mitsubishielectric products
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.
network
low complexity
mitsubishielectric CWE-312
critical
9.1
2022-04-01 CVE-2022-25160 Cleartext Storage of Sensitive Information vulnerability in Mitsubishielectric products
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.
network
high complexity
mitsubishielectric CWE-312
5.9
2022-03-28 CVE-2021-45491 Cleartext Storage of Sensitive Information vulnerability in 3CX
3CX System through 2022-03-17 stores cleartext passwords in a database.
network
low complexity
3cx CWE-312
6.5