Vulnerabilities > Insecure Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2019-4695 | Insecure Storage of Sensitive Information vulnerability in IBM Guardium Data Encryption 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2020-07-22 | CVE-2020-4371 | Insecure Storage of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. | 3.3 |
| 2020-05-29 | CVE-2020-8482 | Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0 Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 5.5 |
| 2020-04-29 | CVE-2020-8481 | Insecure Storage of Sensitive Information vulnerability in ABB 800Xa System 5.1 For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. | 9.8 |
| 2020-04-03 | CVE-2020-7000 | Insecure Storage of Sensitive Information vulnerability in Visam Vbase Editor and Vbase Web-Remote VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | 7.5 |
| 2020-03-19 | CVE-2020-5262 | Insecure Storage of Sensitive Information vulnerability in Easybuild Project Easybuild In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. | 5.5 |
| 2020-03-03 | CVE-2020-4197 | Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. | 2.4 |
| 2020-02-24 | CVE-2018-13313 | Insecure Storage of Sensitive Information vulnerability in Totolink A3002Ru Firmware 1.0.8 In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. | 6.5 |
| 2020-02-17 | CVE-2019-12825 | Insecure Storage of Sensitive Information vulnerability in Gitlab Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. | 4.3 |
| 2020-02-10 | CVE-2019-20060 | Insecure Storage of Sensitive Information vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. | 7.5 |