Vulnerabilities (CVE)

Filtered by CWE-312
Total 640 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6648 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.0 MEDIUM 5.3 MEDIUM
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
CVE-2020-5899 1 F5 1 Nginx Controller 2024-11-21 4.6 MEDIUM 7.8 HIGH
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.
CVE-2020-5805 1 Marvell 1 Qconvergeconslole Gui 2024-11-21 9.0 HIGH 8.8 HIGH
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
CVE-2020-5723 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
CVE-2020-5018 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
CVE-2020-4980 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 3.3 LOW 6.5 MEDIUM
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539.
CVE-2020-4944 1 Ibm 1 Urbancode Deploy 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
CVE-2020-4884 1 Ibm 1 Urbancode Deploy 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
CVE-2020-4843 2 Ibm, Microsoft 2 Security Secret Server, Windows 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.
CVE-2020-4619 1 Ibm 1 Data Risk Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
CVE-2020-4604 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2024-11-21 2.1 LOW 4.4 MEDIUM
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
CVE-2020-4369 1 Ibm 1 Verify Gateway 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
CVE-2020-4224 1 Ibm 1 Storediq 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.
CVE-2020-4189 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.
CVE-2020-4095 1 Hcltech 1 Bigfix Platform 2024-11-21 2.1 LOW 6.0 MEDIUM
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
CVE-2020-3935 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2024-11-21 5.0 MEDIUM 7.5 HIGH
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
CVE-2020-3921 1 Unisoon 2 Ultralog Express, Ultralog Express Firmware 2024-11-21 5.0 MEDIUM 8.6 HIGH
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.
CVE-2020-36473 1 Ucweb 1 Ucweb Uc 2024-11-21 4.3 MEDIUM 3.7 LOW
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
CVE-2020-35658 1 Titanhq 1 Spamtitan 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
CVE-2020-35455 1 Taidii 1 Diibear 2024-11-21 2.1 LOW 7.8 HIGH
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.