Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2020-27270 | Insufficiently Protected Credentials vulnerability in Sooil products SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). | 5.7 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
| 2021-01-13 | CVE-2020-4602 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. | 4.4 |
| 2021-01-13 | CVE-2021-21614 | Insufficiently Protected Credentials vulnerability in Jenkins Bumblebee HP ALM Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 |
| 2021-01-13 | CVE-2021-21612 | Insufficiently Protected Credentials vulnerability in Jenkins Tracetronic Ecu-Test Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 |
| 2021-01-12 | CVE-2020-28390 | Insufficiently Protected Credentials vulnerability in Siemens Opcenter Execution Core 8.2/8.3 A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). | 5.5 |
| 2021-01-04 | CVE-2020-4913 | Insufficiently Protected Credentials vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. | 4.4 |
| 2020-12-22 | CVE-2020-29583 | Insufficiently Protected Credentials vulnerability in Zyxel products Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. | 9.8 |
| 2020-12-22 | CVE-2020-24680 | Insufficiently Protected Credentials vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | 7.0 |
| 2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |