Vulnerabilities > Missing Encryption of Sensitive Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2020-15330 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 5.3 |
2022-09-29 | CVE-2020-15331 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 9.8 |
2022-09-29 | CVE-2020-15340 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | 7.5 |
2022-09-29 | CVE-2020-15342 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | 5.3 |
2022-09-29 | CVE-2020-15343 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | 5.3 |
2022-09-29 | CVE-2020-15344 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | 5.3 |
2022-09-29 | CVE-2020-15345 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | 5.3 |
2022-09-29 | CVE-2020-15346 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | 5.3 |
2022-09-13 | CVE-2022-39014 | Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 |
2022-08-01 | CVE-2022-34307 | Missing Encryption of Sensitive Data vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |