Vulnerabilities > Missing Encryption of Sensitive Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-14 | CVE-2021-3882 | Missing Encryption of Sensitive Data vulnerability in Ledgersmb: LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. | 6.8 |
2021-08-16 | CVE-2021-22932 | Missing Encryption of Sensitive Data vulnerability in Citrix Sharefile Storagezones Controller: An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. | 5.0 |
2021-07-14 | CVE-2021-22782 | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products: Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | 2.1 |
2021-06-16 | CVE-2021-20567 | Missing Encryption of Sensitive Data vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0: IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239. | 2.1 |
2021-06-01 | CVE-2019-4471 | Missing Encryption of Sensitive Data vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. | 4.0 |
2021-03-08 | CVE-2020-4695 | Missing Encryption of Sensitive Data vulnerability in IBM API Connect 10.0.0.0/10.0.1.0: IBM API Connect V10 is impacted by insecure communications during database replication. | 5.0 |
2021-02-16 | CVE-2020-29024 | Missing Encryption of Sensitive Data vulnerability in Secomea products: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. | 5.0 |
2021-01-26 | CVE-2020-23162 | Missing Encryption of Sensitive Data vulnerability in Pyres Termod4 Firmware: Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. | 5.0 |
2021-01-14 | CVE-2020-26732 | Missing Encryption of Sensitive Data vulnerability in Skyworth Gn542Vf BOA Firmware 0.94.13: SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 7.5 |
2021-01-13 | CVE-2020-4597 | Missing Encryption of Sensitive Data vulnerability in IBM Security Guardium Insights 2.0.2: IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |