Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2024-03-31 CVE-2023-50311 Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
ibm CWE-522
4.9
2024-03-18 CVE-2022-47037 Insufficiently Protected Credentials vulnerability in Siklu TG Firmware
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
network
low complexity
siklu CWE-522
7.5
2024-03-15 CVE-2021-38938 Insufficiently Protected Credentials vulnerability in IBM Host Access Transformation Services
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2024-02-12 CVE-2022-34311 Insufficiently Protected Credentials vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials.
low complexity
ibm CWE-522
4.3
2024-02-10 CVE-2024-22312 Insufficiently Protected Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2024-02-09 CVE-2023-50291 Insufficiently Protected Credentials vulnerability in Apache Solr
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue:   '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'
network
low complexity
apache CWE-522
7.5
2024-02-05 CVE-2024-24595 Insufficiently Protected Credentials vulnerability in Clear Clearml
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
local
low complexity
clear CWE-522
7.1
2024-02-02 CVE-2024-21869 Insufficiently Protected Credentials vulnerability in Rapidscada Rapid Scada
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places.
local
low complexity
rapidscada CWE-522
5.5
2024-01-29 CVE-2023-29055 Insufficiently Protected Credentials vulnerability in Apache Kylin
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials.
network
low complexity
apache CWE-522
7.5
2024-01-25 CVE-2024-22432 Insufficiently Protected Credentials vulnerability in Dell Networker
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups.
local
low complexity
dell CWE-522
6.5