Vulnerabilities > Insufficiently Protected Credentials

DATE | CVE | VULNERABILITY TITLE | RISK

2021-04-28 | CVE-2021-30169 | Insufficiently Protected Credentials vulnerability in Meritlilin products | 7.5
The sensitive information of the webcam device is not properly protected.
network | low complexity | meritlilin | CWE-522

2021-04-28 | CVE-2021-30168 | Insufficiently Protected Credentials vulnerability in Meritlilin products | critical 9.8
The sensitive information of the webcam device is not properly protected.
network | low complexity | meritlilin | CWE-522

2021-04-13 | CVE-2021-29262 | Insufficiently Protected Credentials vulnerability in Apache Solr | 7.5
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable.
network | low complexity | apache | CWE-522

2021-04-12 | CVE-2020-15942 | Insufficiently Protected Credentials vulnerability in Fortinet Fortiweb | 6.5
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
network | low complexity | fortinet | CWE-522

2021-04-08 | CVE-2021-22115 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Capi-Release | 6.5
Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of db logging config field is changed.
network | low complexity | cloudfoundry | CWE-522

2021-04-02 | CVE-2020-11925 | Insufficiently Protected Credentials vulnerability in Luvion Grand Elite 3 Connect Firmware 20200225 | 8.8
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25.
low complexity | luvion | CWE-522

2021-03-30 | CVE-2021-21634 | Insufficiently Protected Credentials vulnerability in Jenkins Jabber (Xmpp) Notifier and Control | 6.5
Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522

2021-03-26 | CVE-2021-29255 | Insufficiently Protected Credentials vulnerability in Microseven Mym71080I-B Firmware | 7.5
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007.
high complexity | microseven | CWE-522

2021-03-25 | CVE-2021-27372 | Insufficiently Protected Credentials vulnerability in Realtek Xpon Rtl9601D Software Development KIT 1.9 | critical 9.8
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands.
network | low complexity | realtek | CWE-522

2021-03-24 | CVE-2021-1392 | Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE | 7.8
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
local | low complexity | cisco | CWE-522