Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-38325 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel.
network
high complexity
CWE-311
5.9
2025-01-24 CVE-2024-41757 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
CWE-311
5.9
2024-10-10 CVE-2024-47871 Missing Encryption of Sensitive Data vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-311
critical
9.1
2024-10-02 CVE-2024-20515 Missing Encryption of Sensitive Data vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings.
network
low complexity
cisco CWE-311
6.5
2024-09-26 CVE-2023-52948 Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-311
5.0
2024-09-26 CVE-2023-52950 Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.
high complexity
synology CWE-311
5.3
2024-09-04 CVE-2024-20503 Missing Encryption of Sensitive Data vulnerability in Cisco DUO Authentication for Epic
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key.
local
low complexity
cisco CWE-311
5.5
2024-08-22 CVE-2024-39746 Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2024-08-19 CVE-2024-42657 Missing Encryption of Sensitive Data vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process
network
low complexity
nepstech CWE-311
7.5
2024-08-15 CVE-2024-31905 Missing Encryption of Sensitive Data vulnerability in IBM Qradar Network Packet Capture 7.5.0
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9