Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-30 | CVE-2021-27785 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Commerce HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. | 5.0 |
| 2022-07-27 | CVE-2022-36901 | Insufficiently Protected Credentials vulnerability in Jenkins Http Request Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-07-20 | CVE-2022-1766 | Insufficiently Protected Credentials vulnerability in Anchore and Anchorectl Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. | 7.5 |
| 2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
| 2022-07-12 | CVE-2022-22998 | Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware Implemented protections on AWS credentials that were not properly protected. | 7.5 |
| 2022-07-08 | CVE-2022-35411 | Insufficiently Protected Credentials vulnerability in Rpc.Py Project Rpc.Py rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. | 9.8 |
| 2022-07-06 | CVE-2022-27548 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2022-06-30 | CVE-2022-34799 | Insufficiently Protected Credentials vulnerability in Jenkins Deployment Dashboard Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34800 | Insufficiently Protected Credentials vulnerability in Jenkins Build Notifications 1.4.2/1.4.3/1.5.0 Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34802 | Insufficiently Protected Credentials vulnerability in Jenkins Rocketchat Notifier Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 |