Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-04 | CVE-2023-24047 | Insufficiently Protected Credentials vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. | 6.8 |
| 2023-12-04 | CVE-2023-44300 | Insufficiently Protected Credentials vulnerability in Dell Powerprotect Data Manager Dm5500 Firmware Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. | 5.5 |
| 2023-11-29 | CVE-2023-49653 | Insufficiently Protected Credentials vulnerability in Jenkins Jira Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-11-27 | CVE-2023-6254 | Insufficiently Protected Credentials vulnerability in Otrs A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37. | 7.5 |
| 2023-11-24 | CVE-2023-44303 | Insufficiently Protected Credentials vulnerability in Robware Rvtools RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). | 7.5 |
| 2023-11-14 | CVE-2023-41676 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | 6.5 |
| 2023-11-08 | CVE-2023-26221 | Insufficiently Protected Credentials vulnerability in Tibco products The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. | 3.9 |
| 2023-10-26 | CVE-2023-38328 | Insufficiently Protected Credentials vulnerability in Egroupware 17.1.20190111 An issue was discovered in eGroupWare 17.1.20190111. | 4.9 |
| 2023-10-26 | CVE-2020-17477 | Insufficiently Protected Credentials vulnerability in Univention Ucs@School 4.4 Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. | 6.5 |
| 2023-10-26 | CVE-2023-43905 | Insufficiently Protected Credentials vulnerability in Writercms 1.1.0 Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | 7.5 |