Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,360 vulnerabilities with CWE-522

CVE-2021-27495 HIGH

Ypsomed mylife <1.7.2-1.7.5 - Info Disclosure

CVE-2021-27491 HIGH

Ypsomed mylife < 1.7.5 and mylife Cloud < 1.7.2 - Insufficiently Protected Credentials

CVE-2021-34700 MEDIUM

Cisco Catalyst SD-WAN Manager 20.5.0-20.5.1 & vManage <20.4.2 Authenticated Arbitrary File Read

CVE-2021-35965 CRITICAL

Orca HCM < 10.0 - Unauthenticated Administrator Account Takeover via Hardcoded Default Password

CVE-2021-32770 HIGH

Gatsby <4.0.8, <5.9.2 - Info Disclosure

CVE-2021-20439 HIGH

IBM Security Access Manager <9.0 - Info Disclosure

CVE-2021-22781 MEDIUM

EcoStruxure Control Expert < 15.0 SP1, EcoStruxure Process Expert, SCADAPack RemoteConnect - SMTP Credentials Exposure

CVE-2021-22780 HIGH

EcoStruxure Control Expert < 15.0 SP1, EcoStruxure Process Expert, RemoteConnect - Insufficiently Protected Credentials

CVE-2021-22778 HIGH

EcoStruxure Control Expert < 15.0 SP1, EcoStruxure Process Expert, SCADAPack RemoteConnect - Credential Exposure

CVE-2021-35527 HIGH

Hitachi ABB Power Grids eSOMS <6.3 - Info Disclosure

CVE-2021-21591 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA < 5.1.0.0.5.394 - Insufficiently Protected Credentials

CVE-2021-21590 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA < 5.1.0.0.5.394 - Plain-Text Password Storage

CVE-2021-36382 LOW

Devolutions Server <2021.1.18-2020.3.20 - Man In The Middle

CVE-2021-30116 CRITICAL KEV

Kaseya VSA <9.5.7 - Info Disclosure

CVE-2021-34075 MEDIUM

Artica Pandora FMS <= 754 - Sensitive Information Exposure in File Manager

CVE-2021-35050 MEDIUM

Fidelis Network & Deception <9.3.3 - Info Disclosure

CVE-2021-34204 MEDIUM

D-Link DIR-2640-US 1.01B04 - Insufficiently Protected Credentials

CVE-2021-28857 HIGH

TP-Link TL-WPA4220 4.0.2 Build 20180308 Rel.37064 - Insufficiently Protected Credentials via Cookie

CVE-2021-1537 MEDIUM

Cisco ThousandEyes Recorder < 1.0.5 - Unauthenticated Sensitive Information Exposure via Installer

CVE-2021-23019 HIGH

NGINX Controller <3.15.0 - Info Disclosure

CVE-2021-29253 MEDIUM

RSA Archer 6.4 P1-6.9 P2 - Insecure Credential Storage in Tableau Integration

CVE-2021-20389 HIGH

IBM Security Guardium 11.2 - Info Disclosure

CVE-2021-29043 MEDIUM

Liferay Digital Experience Platform < 7.3.5 - Insufficiently Protected Credentials

CVE-2021-3528 HIGH

noobaa-operator <5.7.0 - Privilege Escalation

CVE-2021-20997 HIGH

WAGO Managed Switches - Insufficiently Protected Credentials

Previous Page 29 of 55 Next

Details

Vulnerabilities 1,360

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy