Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2022-0859 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. | 6.7 |
| 2022-03-18 | CVE-2020-25184 | Insufficiently Protected Credentials vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. | 5.5 |
| 2022-03-18 | CVE-2021-39046 | Insufficiently Protected Credentials vulnerability in IBM products IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. | 4.9 |
| 2022-03-15 | CVE-2022-27206 | Insufficiently Protected Credentials vulnerability in Jenkins Gitlab Authentication Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-03-15 | CVE-2022-27216 | Insufficiently Protected Credentials vulnerability in Jenkins Dbcharts 0.4/0.5.2 Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-03-15 | CVE-2022-27217 | Insufficiently Protected Credentials vulnerability in Jenkins VMWare Vrealize Codestream Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-03-15 | CVE-2022-27218 | Insufficiently Protected Credentials vulnerability in Jenkins Incapptic Connect Uploader Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 |
| 2022-02-26 | CVE-2022-22908 | Insufficiently Protected Credentials vulnerability in Sangfor VDI Client 5.4.2.1006 SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | 5.5 |
| 2022-02-24 | CVE-2022-24610 | Insufficiently Protected Credentials vulnerability in Alecto Dvc-215Ip Firmware Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera. | 8.6 |
| 2022-02-16 | CVE-2022-24982 | Insufficiently Protected Credentials vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. | 6.5 |