Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-24 | CVE-2020-6961 | Insufficiently Protected Credentials vulnerability in Gehealthcare products In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | 7.5 |
2020-01-23 | CVE-2012-6663 | Insufficiently Protected Credentials vulnerability in GE D200 Firmware and D20Me Firmware General Electric D20ME devices are not properly configured and reveal plaintext passwords. | 5.0 |
2020-01-22 | CVE-2019-19843 | Insufficiently Protected Credentials vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | 7.5 |
2020-01-16 | CVE-2019-12423 | Insufficiently Protected Credentials vulnerability in multiple products Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. | 7.5 |
2020-01-15 | CVE-2019-19857 | Insufficiently Protected Credentials vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 5.0 |
2020-01-15 | CVE-2020-2095 | Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-01-13 | CVE-2020-6954 | Insufficiently Protected Credentials vulnerability in Cayintech Smp-Pro4 Firmware An issue was discovered on Cayin SMP-PRO4 devices. | 4.0 |
2020-01-13 | CVE-2014-6039 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0/9.9 ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. | 5.0 |
2020-01-13 | CVE-2014-5381 | Insufficiently Protected Credentials vulnerability in Granding Grand Ma300 Firmware 6.60 Grand MA 300 allows a brute-force attack on the PIN. | 5.0 |
2020-01-10 | CVE-2012-3823 | Insufficiently Protected Credentials vulnerability in Arialsoftware Campaign Enterprise Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | 5.0 |