Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-16 | CVE-2022-36308 | Insufficiently Protected Credentials vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. | 9.1 |
| 2022-08-10 | CVE-2022-22983 | Insufficiently Protected Credentials vulnerability in VMWare Workstation VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. | 5.9 |
| 2022-08-10 | CVE-2022-20914 | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. | 4.9 |
| 2022-08-01 | CVE-2022-33169 | Insufficiently Protected Credentials vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. | 6.5 |
| 2022-07-30 | CVE-2021-27785 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Commerce HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. | 5.0 |
| 2022-07-27 | CVE-2022-36901 | Insufficiently Protected Credentials vulnerability in Jenkins Http Request Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-07-20 | CVE-2022-1766 | Insufficiently Protected Credentials vulnerability in Anchore and Anchorectl Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. | 7.5 |
| 2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
| 2022-07-12 | CVE-2022-22998 | Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware Implemented protections on AWS credentials that were not properly protected. | 7.5 |
| 2022-07-11 | CVE-2022-1794 | Insufficiently Protected Credentials vulnerability in Codesys OPC DA Server The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | 5.5 |