Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9867 Insufficiently Protected Credentials vulnerability in Veritas Netbackup Appliance
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2.
network
low complexity
veritas CWE-522
7.2
7.2
2019-03-21 CVE-2019-5723 Insufficiently Protected Credentials vulnerability in Portier 4.4.4.2/4.4.4.6
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6.
network
low complexity
portier CWE-522
critical
 9.8
9.8
2019-03-21 CVE-2018-17500 Insufficiently Protected Credentials vulnerability in Envoy Passport 2.2.5/2.4.0
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext.
local
low complexity
envoy CWE-522
7.8
7.8
2019-03-08 CVE-2019-1003039 Insufficiently Protected Credentials vulnerability in Jenkins Appdynamics
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them.
network
low complexity
jenkins CWE-522
8.8
8.8
2019-03-08 CVE-2019-1003038 Insufficiently Protected Credentials vulnerability in Jenkins Repository Connector
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g.
local
low complexity
jenkins CWE-522
7.8
7.8
2019-03-08 CVE-2019-3780 Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials.
network
low complexity
cloudfoundry CWE-522
8.8
8.8
2019-02-15 CVE-2019-4059 Insufficiently Protected Credentials vulnerability in IBM Rational Clearcase
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password.
network
low complexity
ibm CWE-522
critical
 9.8
9.8
2019-02-13 CVE-2019-3782 Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file.
local
low complexity
cloudfoundry CWE-522
7.8
7.8
2019-02-12 CVE-2019-6549 Insufficiently Protected Credentials vulnerability in Kunbus Pr100088 Modbus Gateway Firmware 1.0.10232/1.1.13166
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.
network
low complexity
kunbus CWE-522
7.2
7.2
2019-02-12 CVE-2018-20781 Insufficiently Protected Credentials vulnerability in multiple products
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon.
local
low complexity
gnome canonical oracle CWE-522
7.8
7.8