Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-3937 Cleartext Storage of Sensitive Information vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf.
local
low complexity
crestron CWE-312
7.8
2019-04-22 CVE-2019-11384 Cleartext Storage of Sensitive Information vulnerability in Zalora 6.15.1
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e.
network
low complexity
zalora CWE-312
critical
9.8
2019-04-10 CVE-2019-0285 Cleartext Storage of Sensitive Information vulnerability in SAP Crystal Reports 2010
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
network
low complexity
sap CWE-312
critical
9.8
2019-04-10 CVE-2019-3612 Cleartext Storage of Sensitive Information vulnerability in Mcafee Data Exchange Layer and Threat Intelligence Exchange
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.
local
low complexity
mcafee CWE-312
4.4
2019-04-08 CVE-2018-1882 Cleartext Storage of Sensitive Information vulnerability in IBM products
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file.
local
high complexity
ibm CWE-312
4.7
2019-04-04 CVE-2018-19981 Cleartext Storage of Sensitive Information vulnerability in Amazon AWS Software Development KIT
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service.
network
low complexity
amazon CWE-312
7.2
2019-03-26 CVE-2019-3606 Cleartext Storage of Sensitive Information vulnerability in Mcafee Network Security Manager
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
local
high complexity
mcafee CWE-312
4.1
2019-03-21 CVE-2018-17499 Cleartext Storage of Sensitive Information vulnerability in Envoy Passport 2.2.5/2.4.0
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs.
local
low complexity
envoy CWE-312
5.5
2019-03-21 CVE-2018-17489 Cleartext Storage of Sensitive Information vulnerability in Hidglobal Easylobby Solo 11.0.4563
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext.
local
low complexity
hidglobal CWE-312
5.5
2019-03-21 CVE-2018-12572 Cleartext Storage of Sensitive Information vulnerability in Avast Free Antivirus
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
local
low complexity
avast CWE-312
7.8