Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,360 vulnerabilities with CWE-522

CVE-2021-38938 MEDIUM

IBM HATS <9.6.1.4, <9.7.0.3 - Info Disclosure

CVE-2021-33589 HIGH

Ribose RNP <0.15.1 - Info Disclosure

CVE-2021-36204 HIGH

Johnsoncontrols Metasys Application And Data Server < 10.1.6 - Insufficiently Protected Credentials

CVE-2021-36783 CRITICAL

SUSE Rancher 2.5.0-2.5.12 - Authenticated Cleartext Credential Exposure via API Endpoints

CVE-2021-39045 MEDIUM

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 - Insufficiently Protected Credentials via Autocomplete Feature

CVE-2021-20260 HIGH

Foreman - Insufficiently Protected Credentials via Datacenter Plugin API

CVE-2021-43767 MEDIUM

PostgreSQL 9.6.0-9.6.23 - Improper Certificate Validation

CVE-2021-3513 HIGH

Keycloak - Confidentiality Info Disclosure

CVE-2021-27785 LOW

HCL Commerce 9.0.1-9.0.1.17 - Insufficiently Protected Credentials

CVE-2021-22640 HIGH

Ovarro TBox < 1.46 - Insufficiently Protected Credentials via Communication Capture

CVE-2021-46440 HIGH

Strapi <3.6.9-4.1.5 - Info Disclosure

CVE-2021-3681 MEDIUM

Ansible Galaxy Collections - Insufficiently Protected Credentials via Build Ignore List

CVE-2021-45892 MEDIUM

Softwarebuero Zauner ARC 4.2.0.4 - Info Disclosure

CVE-2021-32978 HIGH

Automation Direct CLICK PLC CPU <v3.00 - Info Disclosure

CVE-2021-33024 LOW

Philips Vue PACS <12.2 - Info Disclosure

CVE-2021-39046 MEDIUM

IBM Business Automation Workflow 18.0-21.0 and Business Process Manager 8.5-8.6 - Insufficiently Protected Credentials

CVE-2021-23222 MEDIUM

PostgreSQL 9.6 - SSL Certificate Verification Man-in-the-Middle Injection

CVE-2021-22798 HIGH

Conext ComBox Firmware - Insufficiently Protected Credentials

CVE-2021-33107 MEDIUM

Intel(R) AMT SDK <16.0.3 - Info Disclosure

CVE-2021-40360 HIGH

SIMATIC PCS 7 & WinCC - Info Disclosure

CVE-2021-44451 MEDIUM

Apache Superset <= 1.3.2 - Authenticated Database Connection Password Exposure

CVE-2021-23207 MEDIUM

Fresenius Kabi Vigilant MasterMed <2.0.1.3 - Info Disclosure

CVE-2021-23196 HIGH

Agilia Link+ <3.0 - Info Disclosure

CVE-2021-32039 MEDIUM

MongoDB Extension for VS Code <= 0.7.0 - Insufficiently Protected Credentials

CVE-2021-20164 MEDIUM

Trendnet TEW-827DRU 2.08B01 - Unprotected Credential Exposure via smbserver.asp Page

Previous Page 26 of 55 Next

Details

Vulnerabilities 1,360

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy