Insufficiently Protected Credentials
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Insufficiently Protected Credentials. An attacker can gain unauthorized access to sensitive information by obtaining insufficiently protected credentials. Remediation Upgra...
CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...
CVE-2025-27192
CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...
CVE-2025-2908
CVE-2025-2908 concerns MeetMe products with a vulnerability in the call forwarding configuration module where credentials can be exposed via configuration files in versions prior to 2024-09. This is supported by multiple sources in the connected set (NVD/Red Hat/CIRCL/NVD entries). Impact stated...
CVE-2024-12799 Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...
PT-2025-9833 · Opentext · Opentext Identity Manager Advanced Edition
Name of the Vulnerable Software and Affected Versions: OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.9.0.0 Description: The issue is related to insufficiently protected credentials, allowing an authenticated user to obtain higher privileged user’s sensitive information via...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...
Insufficiently Protected Credentials
leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...
VulnCheck KEV: CVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1. The issue was identified during routine security testing. 2. This vulnerability poses a significant risk to user privacy and data security...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...
CVE-2024-21815
Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...
CVE-2024-4228
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO Single Sign On allows SQL Injection. This issue...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the manipulation of datastreams. An attacker can read local files by exploiting the default credentials and privileges of the service account fedoraIntCallUser. Remediation Upgrade...
Insufficiently Protected Credentials
GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials due to storing cleartext passwords for the configured IMAP and SMTP servers, exposing sensitive information to attackers...
GHSA-RV83-H68Q-C4WQ GoPhish sends cleartext passwords
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2022-33954 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials...