Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2019-4694 | Use of Hard-coded Credentials vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2020-08-26 | CVE-2020-3446 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. | 7.5 |
| 2020-08-25 | CVE-2020-14510 | Use of Hard-coded Credentials vulnerability in Secomea Gatemanager 8250 Firmware 9.2C GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | 10.0 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | 6.9 |
| 2020-08-11 | CVE-2020-16170 | Use of Hard-coded Credentials vulnerability in Robotemi Temi 1.3.3/1.3.7931 Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | 7.5 |
| 2020-08-06 | CVE-2020-13793 | Use of Hard-coded Credentials vulnerability in Ivanti DSM Netinst 5.1 Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | 7.5 |
| 2020-08-06 | CVE-2020-7352 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. | 7.2 |
| 2020-08-04 | CVE-2020-4459 | Use of Hard-coded Credentials vulnerability in IBM Security Secret Server 10.7/10.7.000059 IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2020-07-31 | CVE-2020-3382 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 10.0 |
| 2020-07-29 | CVE-2019-20025 | Use of Hard-coded Credentials vulnerability in NEC Sv9100 Firmware Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. | 10.0 |