Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-4686 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
5.3
2020-08-26 CVE-2020-3389 Missing Encryption of Sensitive Data vulnerability in Cisco Hyperflex Hx-Series Software 4.0(2A)
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device.
local
low complexity
cisco CWE-311
4.4
2020-08-21 CVE-2020-9062 Missing Encryption of Sensitive Data vulnerability in Dieboldnixdorf Probase 1.1.30
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
low complexity
dieboldnixdorf CWE-311
5.3
2020-07-14 CVE-2020-10039 Missing Encryption of Sensitive Data vulnerability in Siemens products
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).
network
high complexity
siemens CWE-311
8.1
2020-07-01 CVE-2019-4704 Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2020-05-28 CVE-2020-4233 Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.
network
low complexity
ibm CWE-311
5.3
2020-04-02 CVE-2019-19090 Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.
network
low complexity
hitachienergy CWE-311
3.5
2020-02-05 CVE-2019-4616 Missing Encryption of Sensitive Data vulnerability in IBM Cloud Automation Manager 3.2.1.0
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies.
low complexity
ibm CWE-311
3.5
2020-01-14 CVE-2015-0558 Missing Encryption of Sensitive Data vulnerability in Adbglobal P.Dga4001N Firmware Pdgtefsp4.06L.6
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
network
low complexity
adbglobal CWE-311
5.3
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
5.5