Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-10 | CVE-2022-0019 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Globalprotect An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. | 5.5 |
| 2022-02-09 | CVE-2021-33107 | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
| 2022-02-09 | CVE-2021-40360 | Insufficiently Protected Credentials vulnerability in Siemens Simatic PCS 7 and Simatic Wincc A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). | 8.8 |
| 2022-02-01 | CVE-2021-44451 | Insufficiently Protected Credentials vulnerability in Apache Superset Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. | 6.5 |
| 2022-01-25 | CVE-2022-23223 | Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1 On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. | 7.5 |
| 2022-01-24 | CVE-2022-22554 | Insufficiently Protected Credentials vulnerability in Dell EMC System Update Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. | 5.5 |
| 2022-01-21 | CVE-2021-23207 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi products An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. | 5.5 |
| 2022-01-20 | CVE-2021-32039 | Insufficiently Protected Credentials vulnerability in Mongodb Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. | 5.5 |
| 2022-01-17 | CVE-2022-0184 | Insufficiently Protected Credentials vulnerability in Kingjim products Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | 4.3 |
| 2022-01-12 | CVE-2022-20621 | Insufficiently Protected Credentials vulnerability in Jenkins Metrics Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 |