Lucene search
+L

364 matches found

snyk
snyk
added 2025/04/21 10:51 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials through the TokenReview API and PolicyBinding resource. An attacker can escalate privileges and potentially access sensitive data by exploiting the improper validation of service account tokens and...

7.2CVSS7.1AI score0.00573EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/04/14 3:32 p.m.18 views

CVE-2025-22372 Insecure password storage in SicommNet BASEC

Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...

9.3CVSS6.9AI score0.00191EPSS
Exploits0References3
cvelist
cvelist
added 2025/04/14 3:32 p.m.42 views

CVE-2025-22372 Insecure password storage in SicommNet BASEC

Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...

9.3CVSS0.00191EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/04/14 12:0 a.m.5 views

PT-2025-16254 · Unknown · Sicommnet Basec

Name of the Vulnerable Software and Affected Versions: SicommNet BASEC versions from 14 Dec 2021 Description: The issue is related to insufficiently protected credentials, allowing password recovery. Passwords are stored in plain text using reversible encryption, which enables an attacker with...

9.3CVSS6AI score0.00191EPSS
Exploits0References10
redhatcve
redhatcve
added 2025/04/11 3:36 a.m.28 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS6.7AI score0.00461EPSS
Exploits0References3
snyk
snyk
added 2025/04/08 9:31 p.m.2 views

Insufficiently Protected Credentials

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Insufficiently Protected Credentials. An attacker can gain unauthorized access to sensitive information by obtaining insufficiently protected credentials. Remediation Upgra...

5.1CVSS6.4AI score0.00461EPSS
Exploits0References2
osv
osv
added 2025/04/08 9:31 p.m.4 views

GHSA-2R94-WM5V-4PRX Magento does not properly protect credentials

Magento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protect...

2.7CVSS6.5AI score0.00461EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/04/08 8:17 p.m.8 views

CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS6.9AI score0.00461EPSS
Exploits0References1
cve
cve
added 2025/04/08 8:17 p.m.71 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

2.7CVSS6.9AI score0.00461EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/04/08 8:17 p.m.13 views

CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS0.00461EPSS
Exploits0References1
cve
cve
added 2025/03/28 12:32 p.m.55 views

CVE-2025-2908

CVE-2025-2908 concerns MeetMe products with a vulnerability in the call forwarding configuration module where credentials can be exposed via configuration files in versions prior to 2024-09. This is supported by multiple sources in the connected set (NVD/Red Hat/CIRC L/NVD entries). Impact stated...

8.5CVSS7.2AI score0.00172EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/05 2:55 p.m.3 views

CVE-2024-12799 Insufficiently Protected Credentials

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...

10CVSS6.6AI score0.0036EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/05 2:55 p.m.12 views

CVE-2024-12799 Insufficiently Protected Credentials

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...

10CVSS0.0036EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/03/05 12:0 a.m.9 views

PT-2025-9833 · Opentext · Opentext Identity Manager Advanced Edition

Name of the Vulnerable Software and Affected Versions: OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.9.0.0 Description: The issue is related to insufficiently protected credentials, allowing an authenticated user to obtain higher privileged user’s sensitive information via...

10CVSS5.7AI score0.0036EPSS
Exploits0References16
ibm
ibm
added 2025/03/03 1:31 p.m.8 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...

7.5CVSS6.7AI score0.00442EPSS
Exploits0Affected Software1
veracode
veracode
added 2025/02/27 8:2 a.m.5 views

Insufficiently Protected Credentials

leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...

6.6AI score
Exploits0
vulncheck_kev
vulncheck_kev
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS5.8AI score0.83178EPSS
Exploits7References1
snyk
snyk
added 2025/02/21 10:15 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...

5.7CVSS6.6AI score
Exploits0References2
osv
osv
added 2025/02/21 10:15 p.m.7 views

GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials

Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...

5.7CVSS6.7AI score
Exploits0References2
cvelist
cvelist
added 2025/02/19 11:34 p.m.13 views

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

6.3CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder