Vulnerabilities > Insufficiently Protected Credentials

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-29 | CVE-2022-46155 | Insufficiently Protected Credentials vulnerability in Airtable | Airtable.js is the JavaScript client for Airtable. | network | high | airtable | CWE-522 | 6.4 |
| 2022-11-28 | CVE-2022-41732 | Insufficiently Protected Credentials vulnerability in IBM Maximo Application Suite 8.7/8.8 | IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. | local | low | ibm | CWE-522 | 5.5 |
| 2022-11-25 | CVE-2022-29833 | Insufficiently Protected Credentials vulnerability in Mitsubishielectric GX Works3 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. | network | low | mitsubishielectric | CWE-522 | 6.5 |
| 2022-11-24 | CVE-2022-26885 | Insufficiently Protected Credentials vulnerability in Apache Dolphinscheduler | When using tasks to read config files, there is a risk of database password disclosure. | network | low | apache | CWE-522 | 7.5 |
| 2022-11-23 | CVE-2022-45276 | Insufficiently Protected Credentials vulnerability in Eyunjing Yjcms 1.0.9 | An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | network | low | eyunjing | CWE-522 | 9.8 (critical) |
| 2022-11-17 | CVE-2022-40751 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy | IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing authenticated LDAP searches. | network | low | ibm | CWE-522 | 4.9 |
| 2022-11-15 | CVE-2022-45384 | Insufficiently Protected Credentials vulnerability in Jenkins Reverse Proxy Auth | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | network | low | jenkins | CWE-522 | 6.5 |
| 2022-11-15 | CVE-2022-40845 | Insufficiently Protected Credentials vulnerability in Tenda Ac1200 V-W15Ev2 Firmware 15.11.0.10(1576) | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. | network | low | tenda | CWE-522 | 6.5 |
| 2022-11-15 | CVE-2022-42132 | Insufficiently Protected Credentials vulnerability in Liferay Digital Experience Platform 7.0/7.1/7.2 | The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | network | high | liferay | CWE-522 | 5.9 |
| 2022-11-14 | CVE-2022-37109 | Insufficiently Protected Credentials vulnerability in Camp Project Camp | patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. | network | low | camp-project | CWE-522 | 9.8 (critical) |