Vulnerabilities > Insufficiently Protected Credentials

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-18	CVE-2021-1232	A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. network low complexity CWE-522	6.5
2024-11-04	CVE-2024-34882	Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100 Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. network low complexity bitrix24 CWE-522	4.9
2024-11-04	CVE-2024-34883	Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100 Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. network low complexity bitrix24 CWE-522	4.9
2024-11-04	CVE-2024-34887	Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100 Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. network low complexity bitrix24 CWE-522	4.9
2024-10-23	CVE-2023-50310	Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3 IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. network low complexity ibm CWE-522	7.5
2024-10-22	CVE-2024-9677	The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. local low complexity CWE-522	5.5
2024-10-20	CVE-2024-44000	Insufficiently Protected Credentials vulnerability in Litespeedtech Litespeed Cache Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. network low complexity litespeedtech CWE-522 critical	9.8
2024-10-16	CVE-2024-20462	Insufficiently Protected Credentials vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. local low complexity cisco CWE-522	5.5
2024-10-08	CVE-2024-47161	Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API network low complexity jetbrains CWE-522	6.5
2024-10-02	CVE-2024-47805	Insufficiently Protected Credentials vulnerability in Jenkins Credentials Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. network low complexity jenkins CWE-522	7.5