364 matches found
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials through the TokenReview API and PolicyBinding resource. An attacker can escalate privileges and potentially access sensitive data by exploiting the improper validation of service account tokens and...
CVE-2025-22372 Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
CVE-2025-22372 Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
PT-2025-16254 · Unknown · Sicommnet Basec
Name of the Vulnerable Software and Affected Versions: SicommNet BASEC versions from 14 Dec 2021 Description: The issue is related to insufficiently protected credentials, allowing password recovery. Passwords are stored in plain text using reversible encryption, which enables an attacker with...
CVE-2025-27192
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...
Insufficiently Protected Credentials
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Insufficiently Protected Credentials. An attacker can gain unauthorized access to sensitive information by obtaining insufficiently protected credentials. Remediation Upgra...
GHSA-2R94-WM5V-4PRX Magento does not properly protect credentials
Magento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protect...
CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...
CVE-2025-27192
CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...
CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...
CVE-2025-2908
CVE-2025-2908 concerns MeetMe products with a vulnerability in the call forwarding configuration module where credentials can be exposed via configuration files in versions prior to 2024-09. This is supported by multiple sources in the connected set (NVD/Red Hat/CIRC L/NVD entries). Impact stated...
CVE-2024-12799 Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...
CVE-2024-12799 Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...
PT-2025-9833 · Opentext · Opentext Identity Manager Advanced Edition
Name of the Vulnerable Software and Affected Versions: OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.9.0.0 Description: The issue is related to insufficiently protected credentials, allowing an authenticated user to obtain higher privileged user’s sensitive information via...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...
Insufficiently Protected Credentials
leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...
VulnCheck KEV: CVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...
GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...