Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2021-32978 | Insufficiently Protected Credentials vulnerability in Automationdirect products The programming protocol allows for a previously entered password and lock state to be read by an attacker. | 7.5 |
| 2022-04-04 | CVE-2022-1026 | Insufficiently Protected Credentials vulnerability in Kyocera NET Viewer 2S01000.005.0012S52000.002.505 Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | 8.6 |
| 2022-04-01 | CVE-2021-33024 | Insufficiently Protected Credentials vulnerability in Philips products Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2022-03-30 | CVE-2022-26948 | Insufficiently Protected Credentials vulnerability in RSA Archer The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. | 7.5 |
| 2022-03-29 | CVE-2022-28135 | Insufficiently Protected Credentials vulnerability in Jenkins Instant-Messaging Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-03-29 | CVE-2022-28141 | Insufficiently Protected Credentials vulnerability in Jenkins Proxmox Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-03-28 | CVE-2022-0738 | Insufficiently Protected Credentials vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. | 7.5 |
| 2022-03-23 | CVE-2022-0859 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. | 6.7 |
| 2022-03-18 | CVE-2020-25184 | Insufficiently Protected Credentials vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. | 5.5 |
| 2022-03-18 | CVE-2021-39046 | Insufficiently Protected Credentials vulnerability in IBM products IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. | 4.9 |