Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2020-09-01 CVE-2020-2249 Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-311
3.3
2020-09-01 CVE-2020-2239 Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-311
4.3
2020-08-28 CVE-2020-4591 Missing Encryption of Sensitive Data vulnerability in IBM Spectrum Protect Server
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.
local
low complexity
ibm CWE-311
3.3
2020-08-26 CVE-2019-4686 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
5.3
2020-08-26 CVE-2020-3389 Missing Encryption of Sensitive Data vulnerability in Cisco Hyperflex HX-Series Software 4.0(2A)
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device.
local
low complexity
cisco CWE-311
4.4
2020-08-21 CVE-2020-9062 Missing Encryption of Sensitive Data vulnerability in Diebold Nixdorf Probase 1.1.30
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
low complexity
dieboldnixdorf CWE-311
5.3
2020-07-14 CVE-2020-10039 Missing Encryption of Sensitive Data vulnerability in Siemens products
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).
network
high complexity
siemens CWE-311
8.1
2020-07-01 CVE-2019-4704 Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2020-05-28 CVE-2020-4233 Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.
network
low complexity
ibm CWE-311
5.3
2020-04-02 CVE-2019-19090 Missing Encryption of Sensitive Data vulnerability in Hitachi Energy eSOMS 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.
network
low complexity
hitachienergy CWE-311
3.5