Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-26 | CVE-2019-6024 | Insufficiently Protected Credentials vulnerability in Rakuten Rakuma Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party. | 4.3 |
| 2019-12-23 | CVE-2019-3431 | Insufficiently Protected Credentials vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. | 5.0 |
| 2019-12-19 | CVE-2019-18615 | Insufficiently Protected Credentials vulnerability in Arista Cloudvision Portal 2018.2.0/2018.2.3 In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. | 3.5 |
| 2019-12-18 | CVE-2019-18572 | Insufficiently Protected Credentials vulnerability in Dell RSA Identity Governance and Lifecycle The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. | 7.5 |
| 2019-12-18 | CVE-2019-8522 | Insufficiently Protected Credentials vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 2.1 |
| 2019-12-17 | CVE-2019-16572 | Insufficiently Protected Credentials vulnerability in Jenkins Weibo 1.0.1 Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
| 2019-12-17 | CVE-2019-16557 | Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2019-12-17 | CVE-2019-16556 | Insufficiently Protected Credentials vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2019-12-17 | CVE-2019-18832 | Insufficiently Protected Credentials vulnerability in Barco Clickshare Button R9861500D01 Firmware Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. | 6.8 |
| 2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2.1 |