Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
7.8
2018-10-10 CVE-2018-17915 Missing Encryption of Sensitive Data vulnerability in Xiongmaitech Xmeye P2P Cloud Server
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication.
network
low complexity
xiongmaitech CWE-311
critical
9.8
2018-09-26 CVE-2018-1683 Missing Encryption of Sensitive Data vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication.
network
low complexity
ibm CWE-311
7.5
2018-09-19 CVE-2018-3826 Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API.
network
low complexity
elastic CWE-311
6.5
2018-09-11 CVE-2018-6976 Missing Encryption of Sensitive Data vulnerability in VMWare Workspace ONE
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database.
network
low complexity
vmware CWE-311
5.3
2018-09-11 CVE-2018-6975 Missing Encryption of Sensitive Data vulnerability in VMWare Intelligent HUB
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
local
low complexity
vmware CWE-311
5.5
2018-07-26 CVE-2018-14608 Missing Encryption of Sensitive Data vulnerability in Thomsonreuters Ultratax CS 2017
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext.
network
low complexity
thomsonreuters CWE-311
7.5
2018-07-26 CVE-2018-14607 Missing Encryption of Sensitive Data vulnerability in Thomsonreuters Ultratax CS 2017
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
network
low complexity
thomsonreuters CWE-311
7.5
2018-07-09 CVE-2017-3198 Missing Encryption of Sensitive Data vulnerability in Gigabyte Gb-Bsi7H-6500 Firmware and Gb-Bxi7-5775 Firmware
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware.
network
low complexity
gigabyte CWE-311
critical
9.8
2018-07-03 CVE-2018-7781 Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.
network
low complexity
schneider-electric CWE-311
8.8