Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2021-23233 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. | 9.8 |
| 2022-01-21 | CVE-2021-44464 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. | 8.8 |
| 2022-01-21 | CVE-2022-22928 | Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | 9.8 |
| 2022-01-19 | CVE-2021-23842 | Use of Hard-coded Credentials vulnerability in Bosch products Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. | 7.1 |
| 2022-01-17 | CVE-2022-0131 | Use of Hard-coded Credentials vulnerability in Jmty Jimoty Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. | 3.3 |
| 2022-01-14 | CVE-2022-22056 | Use of Hard-coded Credentials vulnerability in Le-Yan Dental Management System Project Le-Yan Dental Management System 2.8.5 The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. | 9.8 |
| 2022-01-11 | CVE-2021-43052 | Use of Hard-coded Credentials vulnerability in Tibco FTL The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. | 7.5 |
| 2022-01-11 | CVE-2022-21669 | Use of Hard-coded Credentials vulnerability in Puddingbot Project Puddingbot PuddingBot is a group management bot. | 7.5 |
| 2022-01-11 | CVE-2021-45033 | Use of Hard-coded Credentials vulnerability in Siemens products A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). | 8.8 |
| 2022-01-10 | CVE-2022-22845 | Use of Hard-coded Credentials vulnerability in Qxip Homer Webapp QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations. | 9.8 |