Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-37189 Missing Encryption of Sensitive Data vulnerability in Digi products
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4.
network
low complexity
digi CWE-311
5.0
2021-12-09 CVE-2021-36189 Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
network
low complexity
fortinet CWE-311
4.0
2021-12-08 CVE-2021-37050 Missing Encryption of Sensitive Data vulnerability in Huawei Emui, Harmonyos and Magic UI
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-311
5.0
2021-11-15 CVE-2021-38977 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-311
4.3
2021-10-27 CVE-2021-35236 Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds CWE-311
5.3
2021-10-21 CVE-2021-29883 Missing Encryption of Sensitive Data vulnerability in IBM Transformation Extender Advanced
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-311
4.3
2021-10-14 CVE-2021-3882 Missing Encryption of Sensitive Data vulnerability in Ledgersmb 1.8.0
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy.
network
high complexity
ledgersmb CWE-311
6.8
2021-08-16 CVE-2021-22932 Missing Encryption of Sensitive Data vulnerability in Citrix Sharefile Storagezones Controller
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled.
network
low complexity
citrix CWE-311
5.0
2021-07-14 CVE-2021-22782 Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.
local
low complexity
schneider-electric CWE-311
2.1
2021-06-16 CVE-2021-20567 Missing Encryption of Sensitive Data vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.
local
low complexity
ibm CWE-311
2.1