34 matches found
Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-22412)
Summary: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-22412). Vulnerability Details: CVEID: CVE-2022-22412. DESCRIPTION: IBM Robotic Process Automation could allow a user with access to the local host client machine to obtain a login...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via HTTP POST request...
CVE-2024-34882
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...
CVE-2024-43812 Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system...
CVE-2024-27109 Insufficiently protected credentials in GE HealthCare EchoPAC products
Insufficiently protected credentials in GE HealthCare EchoPAC products...
CVE-2023-23370 QVPN Device Client
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...
CVE-2022-40685
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2023-24506 Milesight NCR/Camera CWE-522: Insufficiently Protected Credentials
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request...
CVE-2023-1518
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected...
Default credentials
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...
CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials...
Amazon Linux AMI : curl (ALAS-2022-1646)
The version of curl installed on the remote host is prior to 7.61.1-12.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1646 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...
CVE-2022-42445 HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2341)
The remote host is missing an update for the Huawei EulerOS...
Design/Logic Flaw
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
CVE-2021-36783 Rancher: Failure to properly sanitize credentials in cluster template answers
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
CVE-2022-33169
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888...
CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
GHSA-5MXG-P5QH-2GCH Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...