Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-11-12 CVE-2021-3787 Insufficiently Protected Credentials vulnerability in Binatoneglobal products
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
local
low complexity
binatoneglobal CWE-522
4.6
2021-11-12 CVE-2021-41972 Insufficiently Protected Credentials vulnerability in Apache Superset
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users.
network
low complexity
apache CWE-522
4.0
2021-11-10 CVE-2021-40520 Insufficiently Protected Credentials vulnerability in Airangel products
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
network
low complexity
airangel CWE-522
5.0
2021-11-10 CVE-2021-40503 Insufficiently Protected Credentials vulnerability in SAP GUI
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password.
local
low complexity
sap CWE-522
2.1
2021-11-03 CVE-2021-38502 Insufficiently Protected Credentials vulnerability in Mozilla Thunderbird
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection.
network
mozilla CWE-522
4.3
2021-11-01 CVE-2021-42557 Insufficiently Protected Credentials vulnerability in Jeedom 4.0.38
In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.
network
low complexity
jeedom CWE-522
5.0
2021-10-22 CVE-2020-23036 Insufficiently Protected Credentials vulnerability in Medianavi Smacom 1.2
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module.
network
medianavi CWE-522
4.3
2021-10-12 CVE-2021-35495 Insufficiently Protected Credentials vulnerability in Tibco Jasperreports Server
The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.
network
low complexity
tibco CWE-522
4.0
2021-10-12 CVE-2021-38179 Insufficiently Protected Credentials vulnerability in SAP Business ONE 10.0
Debug function of Admin UI of SAP Business One Integration is enabled by default.
network
low complexity
sap CWE-522
4.0
2021-10-12 CVE-2021-38460 Insufficiently Protected Credentials vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-522
5.0