Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-15340 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
network
low complexity
zyxel CWE-311
7.5
7.5
2022-09-29 CVE-2020-15342 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15343 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15344 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15345 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15346 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-21 CVE-2022-3250 Missing Encryption of Sensitive Data vulnerability in Ikus-Soft Rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.
network
low complexity
ikus-soft CWE-311
5.3
5.3
2022-09-21 CVE-2022-3251 Missing Encryption of Sensitive Data vulnerability in Ikus-Soft Minarca
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.
network
low complexity
ikus-soft CWE-311
5.3
5.3
2022-09-13 CVE-2022-39014 Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap CWE-311
5.3
5.3
2022-09-13 CVE-2022-3174 Missing Encryption of Sensitive Data vulnerability in Ikus-Soft Rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.
network
low complexity
ikus-soft CWE-311
7.5
7.5