Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2019-13021 Cleartext Storage of Sensitive Information vulnerability in Jetstream Jetselect
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database.
network
low complexity
jetstream CWE-312
6.5
2020-04-27 CVE-2020-11415 Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1.
network
low complexity
sonatype CWE-312
4.9
2020-04-16 CVE-2020-2177 Cleartext Storage of Sensitive Information vulnerability in Jenkins Copr 0.1/0.2/0.3
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-312
4.3
2020-04-16 CVE-2020-11826 Cleartext Storage of Sensitive Information vulnerability in Appinghouse Memono 3.8
Users can lock their notes with a password in Memono version 3.8.
network
low complexity
appinghouse CWE-312
7.5
2020-04-06 CVE-2020-10267 Cleartext Storage of Sensitive Information vulnerability in Universal-Robots UR Software
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps).
network
low complexity
universal-robots CWE-312
7.5
2020-03-30 CVE-2020-5723 Cleartext Storage of Sensitive Information vulnerability in Grandstream products
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database.
network
low complexity
grandstream CWE-312
critical
9.8
2020-03-27 CVE-2020-3921 Cleartext Storage of Sensitive Information vulnerability in Unisoon Ultralog Express Firmware 1.4.0
UltraLog Express device management software stores user’s information in cleartext.
network
low complexity
unisoon CWE-312
7.5
2020-03-19 CVE-2019-16062 Cleartext Storage of Sensitive Information vulnerability in Netsas Enigma Network Management Solution
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database.
network
low complexity
netsas CWE-312
6.5
2020-03-18 CVE-2019-10682 Cleartext Storage of Sensitive Information vulnerability in Django-Nopassword Project Django-Nopassword
django-nopassword before 5.0.0 stores cleartext secrets in the database.
network
low complexity
django-nopassword-project CWE-312
7.5
2020-03-16 CVE-2020-6980 Cleartext Storage of Sensitive Information vulnerability in Rockwellautomation products
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
local
low complexity
rockwellautomation CWE-312
3.3