Filtered by CWE-522
Total 1109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-36309 1 Dell 1 Enterprise Sonic Os 2024-11-21 7.1 High
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
CVE-2021-36204 1 Johnsoncontrols 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server 2024-11-21 7.8 High
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
CVE-2021-36178 1 Fortinet 1 Fortisdnconnector 2024-11-21 4.3 Medium
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
CVE-2021-36170 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 3.2 Low
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
CVE-2021-35965 1 Learningdigital 1 Orca Hcm 2024-11-21 9.8 Critical
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
CVE-2021-35529 1 Hitachienergy 2 Counterparty Settlement And Billing, Retail Operations 2024-11-21 7.7 High
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
CVE-2021-35527 1 Hitachienergy 1 Esoms 2024-11-21 7.5 High
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
CVE-2021-35050 1 Fidelissecurity 2 Deception, Network 2024-11-21 6.5 Medium
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.
CVE-2021-34733 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2024-11-21 5.5 Medium
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.
CVE-2021-34700 1 Cisco 2 Catalyst Sd-wan Manager, Sd-wan Vmanage 2024-11-21 5.5 Medium
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.
CVE-2021-34560 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 5.5 Medium
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
CVE-2021-34204 1 Dlink 2 Dir-2640-us, Dir-2640-us Firmware 2024-11-21 6.8 Medium
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
CVE-2021-34075 1 Artica 1 Pandora Fms 2024-11-21 5.9 Medium
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVE-2021-33589 1 Ribose 1 Rnp 2024-11-21 7.5 High
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
CVE-2021-33107 1 Intel 446 Active Management Technology Software Development Kit, B150, B250 and 443 more 2024-11-21 4.6 Medium
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2021-33024 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2024-11-21 3.7 Low
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
CVE-2021-32978 1 Automationdirect 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more 2024-11-21 7.5 High
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.
CVE-2021-32770 1 Gatsbyjs 1 Gatsby-source-wordpress 2024-11-21 7.5 High
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround.
CVE-2021-32039 1 Mongodb 1 Mongodb 2024-11-21 5.5 Medium
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
CVE-2021-32003 1 Secomea 2 Sitemanager, Sitemanager Firmware 2024-11-21 8 High
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.