Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2022-47561 | Insufficiently Protected Credentials vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | 5.5 |
2023-09-20 | CVE-2023-25531 | Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. | 9.8 |
2023-09-20 | CVE-2023-25532 | Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. | 7.5 |
2023-09-14 | CVE-2023-41010 | Insufficiently Protected Credentials vulnerability in Tianyisc Tewa-700G Firmware Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | 5.5 |
2023-09-05 | CVE-2023-32338 | Insufficiently Protected Credentials vulnerability in IBM products IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. | 5.5 |
2023-08-29 | CVE-2023-3251 | Insufficiently Protected Credentials vulnerability in Tenable Nessus A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. | 4.9 |
2023-08-22 | CVE-2022-45611 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0 An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | 9.8 |
2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
2023-08-16 | CVE-2023-40345 | Insufficiently Protected Credentials vulnerability in Jenkins Delphix Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | 6.5 |
2023-08-16 | CVE-2023-40347 | Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus) Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |