Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-0540 | Insufficiently Protected Credentials vulnerability in Intel Active Management Technology Firmware Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
| 2020-06-12 | CVE-2020-10752 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Container Platform 3.11/4.0 A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. | 7.5 |
| 2020-06-10 | CVE-2020-10755 | Insufficiently Protected Credentials vulnerability in multiple products An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. | 6.5 |
| 2020-06-10 | CVE-2020-6239 | Insufficiently Protected Credentials vulnerability in SAP Business ONE 10.0/9.3 Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | 4.4 |
| 2020-06-04 | CVE-2020-11681 | Insufficiently Protected Credentials vulnerability in Castel Nextgen DVR Firmware 1.0.0 Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. | 8.1 |
| 2020-06-04 | CVE-2018-21239 | Insufficiently Protected Credentials vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit Reader and PhantomPDF before 9.2. | 5.3 |
| 2020-06-04 | CVE-2018-21237 | Insufficiently Protected Credentials vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.7. | 5.3 |
| 2020-06-03 | CVE-2020-2198 | Insufficiently Protected Credentials vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 6.5 |
| 2020-06-01 | CVE-2014-9702 | Insufficiently Protected Credentials vulnerability in 2Pisoftware Cmfive system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | 7.5 |
| 2020-06-01 | CVE-2014-8938 | Insufficiently Protected Credentials vulnerability in Piwigo Lexiglot Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 7.8 |