Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-29856 Use of Hard-coded Credentials vulnerability in Automationanywhere Automation 360 22
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
network
low complexity
automationanywhere CWE-798
7.5
2022-04-27 CVE-2021-34601 Use of Hard-coded Credentials vulnerability in Bender Cc612 Firmware and Icc15Xx Firmware
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials.
network
low complexity
bender CWE-798
critical
9.8
2022-04-26 CVE-2022-23942 Use of Hard-coded Credentials vulnerability in Apache Doris
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
network
low complexity
apache CWE-798
7.5
2022-04-25 CVE-2021-45841 Use of Hard-coded Credentials vulnerability in Terra-Master TOS 4.2.152107141517
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash.
network
high complexity
terra-master CWE-798
8.1
2022-04-22 CVE-2022-26672 Use of Hard-coded Credentials vulnerability in Asus Webstorage 3.10.1
ASUS WebStorage has a hardcoded API Token in the APP source code.
network
low complexity
asus CWE-798
critical
9.8
2022-04-21 CVE-2022-20773 Use of Hard-coded Credentials vulnerability in Cisco Umbrella
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA.
network
high complexity
cisco CWE-798
8.1
2022-04-20 CVE-2022-24860 Use of Hard-coded Credentials vulnerability in Databasir Project Databasir 1.0.1
Databasir is a team-oriented relational database model document management platform.
network
low complexity
databasir-project CWE-798
critical
9.8
2022-04-18 CVE-2022-28810 Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature.
network
low complexity
zohocorp CWE-798
6.8
2022-04-14 CVE-2021-40390 Use of Hard-coded Credentials vulnerability in Moxa Mxview 3.2.4
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4.
network
low complexity
moxa CWE-798
critical
9.8
2022-04-13 CVE-2022-27506 Use of Hard-coded Credentials vulnerability in Citrix products
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
network
low complexity
citrix CWE-798
2.7