Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-27 | CVE-2022-28167 | Insufficiently Protected Credentials vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.2.0.0 Brocade SANnav before Brocade SANvav v. | 6.5 |
| 2022-06-24 | CVE-2022-33953 | Insufficiently Protected Credentials vulnerability in IBM products IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. | 4.6 |
| 2022-06-24 | CVE-2022-1666 | Insufficiently Protected Credentials vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | 6.5 |
| 2022-06-24 | CVE-2022-2103 | Insufficiently Protected Credentials vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | 9.1 |
| 2022-06-23 | CVE-2022-34199 | Insufficiently Protected Credentials vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-06-23 | CVE-2022-34202 | Insufficiently Protected Credentials vulnerability in Jenkins Easyqa 1.0 Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-23 | CVE-2022-34213 | Insufficiently Protected Credentials vulnerability in Jenkins Squash TM Publisher 1.0.0 Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-17 | CVE-2022-21184 | Insufficiently Protected Credentials vulnerability in Atvise 3.5.4/3.6/3.7 An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. | 5.9 |
| 2022-06-16 | CVE-2020-28865 | Insufficiently Protected Credentials vulnerability in Powerjob An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | 7.5 |
| 2022-06-15 | CVE-2022-1342 | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. | 4.6 |