Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-38976 | Insufficiently Protected Credentials vulnerability in IBM products. IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products. In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
2021-11-11 | CVE-2021-43397 | Insufficiently Protected Credentials vulnerability in Liquidfiles. LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | 8.8 |
2021-11-10 | CVE-2021-40503 | Insufficiently Protected Credentials vulnerability in SAP GUI for Windows. An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. | 7.8 |
2021-11-02 | CVE-2021-41023 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem. Unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclose the agent password due to plaintext credential storage in log files. | 5.5 |
2021-10-22 | CVE-2020-23036 | Insufficiently Protected Credentials vulnerability in Medianavi Smacom 1.2. MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. | 5.9 |
2021-10-21 | CVE-2021-28496 | Insufficiently Protected Credentials vulnerability in Arista EOS. On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. | 6.5 |
2021-10-13 | CVE-2021-40476 | Insufficiently Protected Credentials vulnerability in Microsoft products. Windows AppContainer Elevation Of Privilege Vulnerability | 7.5 |
2021-10-06 | CVE-2021-41125 | Insufficiently Protected Credentials vulnerability in multiple products. Scrapy is a high-level web crawling and scraping framework for Python. | 6.5 |
2021-10-06 | CVE-2021-36170 | Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager. An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | 3.2 |