CVE-2023-31187
6.5MEDIUM
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
5/30/2023CWE-522, CWE-522
Schwachstellentyp
CWE-522
Alle CVE-Schwachstellen, die unter diesen Schwachstellentyp fallen.
Auf MITRE CWE ansehenGesamt CVEs
50
Kritisch
1
In KEV
0
Mit Exploits
0
CVE-2023-28084
5.5MEDIUM
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
4/25/2023CWE-522, CWE-522 +1
CVE-2023-24506
7.5HIGH
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.
5/8/2023CWE-522, CWE-522 +1
CVE-2022-27560
6.0MEDIUM
HCL VersionVault Express exposes administrator credentials.
HCL VersionVault Express exposes administrator credentials.
8/30/2022CWE-522, CWE-522
CVE-2023-23463
5.3MEDIUM
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.
2/15/2023CWE-522, CWE-522
CVE-2023-28090
5.5MEDIUM
An HPE OneView appliance dump may expose SNMPv3 read credentials
An HPE OneView appliance dump may expose SNMPv3 read credentials
4/25/2023CWE-522, CWE-522
CVE-2023-28088
7.8HIGH
An HPE OneView appliance dump may expose SAN switch administrative credentials
An HPE OneView appliance dump may expose SAN switch administrative credentials
4/25/2023CWE-522, CWE-522
CVE-2023-23466
6.5MEDIUM
Media CP Media Control Panel latest version. Insufficiently protected credential change.
Media CP Media Control Panel latest version. Insufficiently protected credential change.
2/15/2023CWE-522, CWE-522
CVE-2022-45859
4.1MEDIUM
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a loca
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a loca...
5/3/2023CWE-522, CWE-522
CVE-2021-22798
7.5HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox...
2/11/2022CWE-522
CVE-2023-28089
7.1HIGH
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
4/25/2023CWE-522, CWE-522
CVE-2022-27544
5.0MEDIUM
BigFix Web Reports authorized users may see SMTP credentials in clear text.
BigFix Web Reports authorized users may see SMTP credentials in clear text.
7/19/2022CWE-522, CWE-522
CVE-2024-21815
9.1CRITICAL
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Co
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Co...
3/5/2024CWE-522, CWE-522
CVE-2023-27975
7.1HIGH
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of ...
2/14/2024CWE-522
CVE-2024-39879
5.0MEDIUM
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
7/1/2024CWE-522, CWE-522
CVE-2024-39878
4.1MEDIUM
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
7/1/2024CWE-522, CWE-522
CVE-2024-38505
5.3MEDIUM
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
6/18/2024CWE-522, CWE-522
CVE-2023-32268
7.2HIGH
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
12/6/2023CWE-522, CWE-522
CVE-2023-43905
7.5HIGH
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.
10/26/2023CWE-522, CWE-522
CVE-2022-32520
8.0HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique...
1/30/2023CWE-522
CVE-2022-32518
8.0HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique...
1/30/2023CWE-522
CVE-2023-25407
7.2HIGH
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.
4/11/2023CWE-522, CWE-522
CVE-2024-37362
6.3MEDIUM
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho...
2/20/2025CWE-522
CVE-2022-22998
8.0HIGH
Implemented protections on AWS credentials that were not properly protected.
Implemented protections on AWS credentials that were not properly protected.
7/12/2022CWE-522, CWE-522
CVE-2019-11820
5.5MEDIUM
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
5/9/2019CWE-522, CWE-522
CVE-2023-25413
7.5HIGH
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
4/11/2023CWE-522, CWE-522
CVE-2020-8259
8.1HIGH
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
11/16/2020CWE-522, CWE-522
CVE-2023-1518
7.8HIGH
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.
3/28/2023CWE-522, CWE-522
CVE-2022-1026
8.6HIGH
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address...
4/4/2022CWE-522, CWE-522
CVE-2024-34883
4.9MEDIUM
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
11/4/2024CWE-522, CWE-522
CVE-2024-24595
6.0MEDIUM
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
2/5/2024CWE-522, CWE-522
CVE-2023-50125
5.9MEDIUM
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.
1/11/2024CWE-522, CWE-522
CVE-2023-29447
5.7MEDIUM
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
1/10/2024CWE-522, CWE-522
CVE-2021-33589
7.5HIGH
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
4/21/2023CWE-522, CWE-522
CVE-2023-25760
8.8HIGH
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
4/19/2023CWE-522, CWE-522
CVE-2022-48433
6.1MEDIUM
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
3/29/2023CWE-522, CWE-522
CVE-2023-25191
7.5HIGH
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
2/15/2023CWE-522, CWE-522
CVE-2023-3251
4.1MEDIUM
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: b
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: b...
8/29/2023CWE-522, CWE-522
CVE-2022-40685
6.5MEDIUM
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
5/10/2023CWE-522, CWE-522
CVE-2022-30944
5.5MEDIUM
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
8/18/2022CWE-522, CWE-522
CVE-2022-30296
7.5HIGH
Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network ac
Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network ac...
8/18/2022CWE-522, CWE-522
CVE-2022-29507
5.5MEDIUM
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.
8/18/2022CWE-522, CWE-522
CVE-2022-26844
7.8HIGH
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
8/18/2022CWE-522, CWE-522
CVE-2020-8152
4.4MEDIUM
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
11/16/2020CWE-522, CWE-522
CVE-2017-7524
7.5HIGH
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
6/27/2017CWE-522, CWE-522
CVE-2025-35941
5.5MEDIUM
A password is exposed locally.
A password is exposed locally.
6/11/2025CWE-522
CVE-2020-28219
7.8HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoS
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoS...
12/11/2020CWE-522
CVE-2024-34882
4.9MEDIUM
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
11/4/2024CWE-522, CWE-522
CVE-2018-16153
7.5HIGH
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
12/12/2023CWE-522, CWE-522
CVE-2023-33263
7.5HIGH
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.
5/25/2023CWE-522, CWE-522
Zeige 50 von many CVEs