Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-02-11 CVE-2022-34445 Insufficiently Protected Credentials vulnerability in Dell Powerscale Onefs
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password.
local
low complexity
dell CWE-522
4.4
4.4
2023-01-30 CVE-2022-32519 Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party.
network
low complexity
schneider-electric CWE-522
critical
 9.8
9.8
2023-01-23 CVE-2022-4693 Insufficiently Protected Credentials vulnerability in Pickplugins User Verification
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability.
network
low complexity
pickplugins CWE-522
critical
 9.8
9.8
2023-01-18 CVE-2022-38469 Insufficiently Protected Credentials vulnerability in GE Proficy Historian
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
network
low complexity
ge CWE-522
7.5
7.5
2023-01-17 CVE-2022-23538 Insufficiently Protected Credentials vulnerability in Sylabs Singularity Container Services Library
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service.
network
low complexity
sylabs CWE-522
7.6
7.6
2023-01-17 CVE-2022-41859 Insufficiently Protected Credentials vulnerability in Freeradius
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
network
low complexity
freeradius CWE-522
7.5
7.5
2023-01-13 CVE-2021-36204 Insufficiently Protected Credentials vulnerability in Johnsoncontrols products
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
network
low complexity
johnsoncontrols CWE-522
7.5
7.5
2022-12-22 CVE-2022-22458 Insufficiently Protected Credentials vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user.
network
low complexity
ibm CWE-522
6.5
6.5
2022-12-12 CVE-2022-4312 Insufficiently Protected Credentials vulnerability in Arcinformatique Pcvue 12.0.26/15/15.2.2
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3.
local
low complexity
arcinformatique CWE-522
5.5
5.5
2022-12-09 CVE-2022-29839 Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud OS
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data.
local
low complexity
westerndigital CWE-522
5.5
5.5