Vulnerabilities > Missing Encryption of Sensitive Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2019-6518 | Missing Encryption of Sensitive Data vulnerability in Moxa products Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | 5.0 |
| 2019-03-05 | CVE-2018-1938 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. | 2.1 |
| 2019-03-05 | CVE-2018-1937 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. | 2.1 |
| 2019-03-04 | CVE-2018-5482 | Missing Encryption of Sensitive Data vulnerability in Netapp Snapcenter Server NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | 5.0 |
| 2019-02-07 | CVE-2018-1340 | Missing Encryption of Sensitive Data vulnerability in Apache Guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. | 7.5 |
| 2019-01-29 | CVE-2018-10612 | Missing Encryption of Sensitive Data vulnerability in Codesys products In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | 10.0 |
| 2019-01-07 | CVE-2018-5481 | Missing Encryption of Sensitive Data vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | 5.8 |
| 2019-01-03 | CVE-2018-16879 | Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. | 9.8 |
| 2019-01-02 | CVE-2018-20100 | Missing Encryption of Sensitive Data vulnerability in August Connect and August Connect Firmware An issue was discovered on August Connect devices. | 5.0 |
| 2018-12-25 | CVE-2018-20465 | Missing Encryption of Sensitive Data vulnerability in Craftcms Craft CMS Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field. | 4.0 |