Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35765 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 6.5 Medium |
| PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. | ||||
| CVE-2023-35067 | 1 Infodrom | 1 E-invoice Approval System | 2024-11-21 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701. | ||||
| CVE-2023-27315 | 1 Netapp | 1 Snapgathers | 2024-11-21 | 6.5 Medium |
| SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | ||||
| CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 3.6 Low |
| A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | ||||
| CVE-2022-47561 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 7.3 High |
| The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | ||||
| CVE-2022-43958 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | 7.6 High |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users. | ||||
| CVE-2022-41732 | 1 Ibm | 1 Maximo Application Suite | 2024-11-21 | 6.2 Medium |
| IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | ||||
| CVE-2022-3644 | 2 Pulpproject, Redhat | 5 Pulp Ansible, Ansible Automation Platform, Satellite and 2 more | 2024-11-21 | 5.5 Medium |
| The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | ||||
| CVE-2022-3287 | 2 Fwupd, Redhat | 3 Fwupd, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.5 Medium |
| When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | ||||
| CVE-2022-3261 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 4.4 Medium |
| A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | ||||
| CVE-2022-36308 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 9.1 Critical |
| Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.4 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 7.5 High |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | ||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 6.4 Medium |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4.9 Medium |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | ||||
| CVE-2022-22557 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.5 High |
| PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2024-11-21 | 8.2 High |
| Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords. | ||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | 6.3 Medium |
| IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | ||||
| CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2024-11-21 | 5.5 Medium |
| The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | ||||
| CVE-2022-0555 | 2024-11-21 | 8.4 High | ||
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | ||||