Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-15330 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15331 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
critical
 9.8
9.8
2022-09-29 CVE-2020-15340 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
network
low complexity
zyxel CWE-311
7.5
7.5
2022-09-29 CVE-2020-15342 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15343 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15344 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15345 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15346 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-13 CVE-2022-39014 Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap CWE-311
5.3
5.3
2022-08-01 CVE-2022-34307 Missing Encryption of Sensitive Data vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
4.3