Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2023-41010 | Insufficiently Protected Credentials vulnerability in Tianyisc Tewa-700G Firmware Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | 5.5 |
| 2023-09-05 | CVE-2023-32338 | Insufficiently Protected Credentials vulnerability in IBM products IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. | 5.5 |
| 2023-08-29 | CVE-2023-3251 | Insufficiently Protected Credentials vulnerability in Tenable Nessus A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. | 4.9 |
| 2023-08-22 | CVE-2022-45611 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0 An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | 9.8 |
| 2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
| 2023-08-16 | CVE-2023-40345 | Insufficiently Protected Credentials vulnerability in Jenkins Delphix Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-08-16 | CVE-2023-40347 | Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus) Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-08-14 | CVE-2023-20965 | Insufficiently Protected Credentials vulnerability in Google Android 13.0 In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. | 9.8 |
| 2023-08-03 | CVE-2023-36082 | Insufficiently Protected Credentials vulnerability in Gatesair Flexiva FAX 150W Firmware An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | 9.8 |
| 2023-07-19 | CVE-2023-37362 | Insufficiently Protected Credentials vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. | 8.8 |