Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-22932 Missing Encryption of Sensitive Data vulnerability in Citrix Sharefile Storagezones Controller
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled.
network
low complexity
citrix CWE-311
7.5
2021-06-16 CVE-2021-20567 Missing Encryption of Sensitive Data vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.
local
low complexity
ibm CWE-311
4.4
2021-06-01 CVE-2019-4471 Missing Encryption of Sensitive Data vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session.
network
low complexity
ibm netapp CWE-311
6.5
2021-05-05 CVE-2021-29248 Missing Encryption of Sensitive Data vulnerability in Btcpayserver Btcpay Server
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
network
low complexity
btcpayserver CWE-311
5.3
2021-02-16 CVE-2020-29024 Missing Encryption of Sensitive Data vulnerability in Secomea products
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies.
network
low complexity
secomea CWE-311
5.3
2021-01-14 CVE-2020-26732 Missing Encryption of Sensitive Data vulnerability in Skyworth Gn542Vf BOA Firmware 0.94.13
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
low complexity
skyworth CWE-311
7.5
2020-12-31 CVE-2020-25842 Missing Encryption of Sensitive Data vulnerability in Panorama Nhiservisignadapter 1.0.20.0218
The encryption function of NHIServiSignAdapter fail to verify the file path input by users.
network
low complexity
panorama CWE-311
7.5
2020-12-15 CVE-2020-27055 Missing Encryption of Sensitive Data vulnerability in Google Android 11.0
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation.
network
low complexity
google CWE-311
7.5
2020-12-01 CVE-2020-4126 Missing Encryption of Sensitive Data vulnerability in Hcltech HCL Inotes
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability.
network
high complexity
hcltech CWE-311
5.9
2020-11-09 CVE-2020-8150 Missing Encryption of Sensitive Data vulnerability in Nextcloud Server
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
local
high complexity
nextcloud CWE-311
4.1