Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-37783 | Insufficiently Protected Credentials vulnerability in Craftcms Craft CMS All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. | 7.5 |
| 2022-12-05 | CVE-2022-43442 | Insufficiently Protected Credentials vulnerability in FSI Fs040U Firmware Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. | 4.6 |
| 2022-11-28 | CVE-2022-41732 | Insufficiently Protected Credentials vulnerability in IBM Maximo Application Suite 8.7/8.8 IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2022-11-25 | CVE-2022-29833 | Insufficiently Protected Credentials vulnerability in Mitsubishielectric GX Works3 Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. | 6.5 |
| 2022-11-23 | CVE-2022-41933 | Insufficiently Protected Credentials vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.5 |
| 2022-11-17 | CVE-2022-40751 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. | 4.9 |
| 2022-11-15 | CVE-2022-45384 | Insufficiently Protected Credentials vulnerability in Jenkins Reverse Proxy Auth Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 6.5 |
| 2022-11-15 | CVE-2022-45392 | Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-11-14 | CVE-2022-37109 | Insufficiently Protected Credentials vulnerability in Camp Project Camp patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. | 9.8 |
| 2022-11-11 | CVE-2022-26341 | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |