Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-23116 Missing Encryption of Sensitive Data vulnerability in Jenkins Conjur Secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
network
low complexity
jenkins CWE-311
7.5
2022-01-10 CVE-2020-9057 Missing Encryption of Sensitive Data vulnerability in multiple products
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.
low complexity
linear silabs CWE-311
8.8
2022-01-10 CVE-2020-9058 Missing Encryption of Sensitive Data vulnerability in multiple products
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
low complexity
silabs jasco dome linear CWE-311
8.1
2021-12-10 CVE-2021-37189 Missing Encryption of Sensitive Data vulnerability in Digi products
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4.
network
low complexity
digi CWE-311
7.5
2021-12-09 CVE-2021-36189 Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
network
low complexity
fortinet CWE-311
4.9
2021-12-08 CVE-2021-37050 Missing Encryption of Sensitive Data vulnerability in Huawei Emui, Harmonyos and Magic UI
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-311
7.5
2021-11-15 CVE-2021-38977 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2021-10-27 CVE-2021-35236 Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds CWE-311
5.3
2021-10-21 CVE-2021-29883 Missing Encryption of Sensitive Data vulnerability in IBM Transformation Extender Advanced
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2021-10-14 CVE-2021-3882 Missing Encryption of Sensitive Data vulnerability in Ledgersmb
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy.
network
high complexity
ledgersmb CWE-311
6.8