Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2022-47561 Insufficiently Protected Credentials vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
local
low complexity
ormazabal CWE-522
5.5
2023-09-20 CVE-2023-25531 Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials.
network
low complexity
nvidia CWE-522
critical
9.8
2023-09-20 CVE-2023-25532 Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials.
network
low complexity
nvidia CWE-522
7.5
2023-09-14 CVE-2023-41010 Insufficiently Protected Credentials vulnerability in Tianyisc Tewa-700G Firmware
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.
local
low complexity
tianyisc CWE-522
5.5
2023-09-05 CVE-2023-32338 Insufficiently Protected Credentials vulnerability in IBM products
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access.
local
low complexity
ibm CWE-522
5.5
2023-08-29 CVE-2023-3251 Insufficiently Protected Credentials vulnerability in Tenable Nessus
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.
network
low complexity
tenable CWE-522
4.9
2023-08-22 CVE-2022-45611 Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.
network
low complexity
fresenius-kabi CWE-522
critical
9.8
2023-08-17 CVE-2023-31492 Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
network
low complexity
zohocorp CWE-522
6.5
2023-08-16 CVE-2023-40345 Insufficiently Protected Credentials vulnerability in Jenkins Delphix
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
network
low complexity
jenkins CWE-522
6.5
2023-08-16 CVE-2023-40347 Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus)
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
network
low complexity
jenkins CWE-522
6.5