Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-9862 Missing Encryption of Sensitive Data vulnerability in Abus products
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015.
low complexity
abus CWE-311
6.5
2019-03-05 CVE-2019-6518 Missing Encryption of Sensitive Data vulnerability in Moxa products
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
network
low complexity
moxa CWE-311
7.5
2019-03-05 CVE-2018-1938 Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data.
local
low complexity
ibm CWE-311
4.4
2019-03-05 CVE-2018-1937 Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data.
local
low complexity
ibm CWE-311
4.4
2019-03-04 CVE-2018-5482 Missing Encryption of Sensitive Data vulnerability in Netapp Snapcenter Server
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
network
low complexity
netapp CWE-311
5.3
2019-02-07 CVE-2018-1340 Missing Encryption of Sensitive Data vulnerability in Apache Guacamole
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token.
network
low complexity
apache CWE-311
7.5
2019-01-07 CVE-2018-5481 Missing Encryption of Sensitive Data vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
network
high complexity
netapp CWE-311
7.4
2019-01-03 CVE-2018-16879 Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ.
network
low complexity
redhat CWE-311
critical
9.8
2019-01-02 CVE-2018-20100 Missing Encryption of Sensitive Data vulnerability in August Connect and August Connect Firmware
An issue was discovered on August Connect devices.
network
low complexity
august CWE-311
critical
9.8
2018-12-25 CVE-2018-20465 Missing Encryption of Sensitive Data vulnerability in Craftcms Craft CMS
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
network
low complexity
craftcms CWE-311
7.2