Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2022-23129 Cleartext Storage of Sensitive Information vulnerability in multiple products
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally.
local
low complexity
mitsubishielectric iconics CWE-312
5.5
2022-01-19 CVE-2021-31821 Cleartext Storage of Sensitive Information vulnerability in Octopus Tentacle
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext.
local
low complexity
octopus CWE-312
5.5
2022-01-14 CVE-2022-20660 Cleartext Storage of Sensitive Information vulnerability in Cisco products
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.
low complexity
cisco CWE-312
4.6
2021-12-30 CVE-2021-20162 Cleartext Storage of Sensitive Information vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext.
network
low complexity
trendnet CWE-312
4.9
2021-12-30 CVE-2021-20171 Cleartext Storage of Sensitive Information vulnerability in Netgear Rax43 Firmware 1.0.3.96
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext.
local
low complexity
netgear CWE-312
5.5
2021-12-30 CVE-2021-45077 Cleartext Storage of Sensitive Information vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext.
network
low complexity
netgear CWE-312
7.5
2021-12-29 CVE-2021-35035 Cleartext Storage of Sensitive Information vulnerability in Zyxel Nbg6604 Firmware
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
network
low complexity
zyxel CWE-312
6.5
2021-12-24 CVE-2021-20827 Cleartext Storage of Sensitive Information vulnerability in Idec products
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards.
network
low complexity
idec CWE-312
7.5
2021-12-14 CVE-2021-43388 Cleartext Storage of Sensitive Information vulnerability in Unisys Cargo Mobile
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup.
network
low complexity
unisys CWE-312
7.5
2021-12-08 CVE-2021-41090 Cleartext Storage of Sensitive Information vulnerability in Grafana Agent
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack.
network
low complexity
grafana CWE-312
7.5