Vulnerabilities > Insecure Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2020-28911 Insecure Storage of Sensitive Information vulnerability in Nagios Fusion
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
network
low complexity
nagios CWE-922
6.5
2021-05-19 CVE-2020-4765 Insecure Storage of Sensitive Information vulnerability in IBM Cloud PAK for Multicloud Management
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
2021-05-14 CVE-2021-20391 Insecure Storage of Sensitive Information vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
2021-03-19 CVE-2021-28653 Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely.
network
low complexity
westerndigital CWE-922
6.5
2021-03-02 CVE-2020-4726 Insecure Storage of Sensitive Information vulnerability in IBM Cloud Application Performance Management 8.1.4
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
2021-02-10 CVE-2021-27170 Insecure Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613
An issue was discovered on FiberHome HG6245D devices through RP2613.
network
low complexity
fiberhome CWE-922
critical
9.8
2021-02-03 CVE-2021-25776 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
network
low complexity
jetbrains CWE-922
7.5
2021-01-29 CVE-2020-29603 Insecure Storage of Sensitive Information vulnerability in Mantisbt
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
network
low complexity
mantisbt CWE-922
4.3
2021-01-19 CVE-2020-4871 Insecure Storage of Sensitive Information vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
5.5
2021-01-12 CVE-2020-4674 Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system.
network
low complexity
ibm CWE-922
4.3