Vulnerabilities (CVE)

Filtered by CWE-312
Total 576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3473 1 Lenovo 38 Thinkagile Hx1320, Thinkagile Hx2320, Thinkagile Hx3320 and 35 more 2024-11-21 4.0 MEDIUM 4.5 MEDIUM
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.
CVE-2021-39078 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-11-21 2.1 LOW 4.4 MEDIUM
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.
CVE-2021-39077 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-11-21 N/A 4.4 MEDIUM
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.  
CVE-2021-39009 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 5.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
CVE-2021-38949 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
CVE-2021-38915 1 Ibm 1 Data Risk Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
CVE-2021-38911 2 Ibm, Redhat 2 Security Risk Manager On Cp4s, Openshift 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.
CVE-2021-38422 1 Deltaww 1 Dialink 2024-11-21 4.6 MEDIUM 7.8 HIGH
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
CVE-2021-38150 1 Sap 1 Business Client 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
CVE-2021-37842 1 Couchbase 1 Couchbase Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
CVE-2021-37548 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
CVE-2021-37468 1 Nch 1 Reflect Customer Relationship Management 2024-11-21 2.1 LOW 3.3 LOW
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVE-2021-37452 1 Nch 1 Quorum 2024-11-21 2.1 LOW 5.5 MEDIUM
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVE-2021-37157 1 Opengamepanel 1 Opengamepanel 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.
CVE-2021-36782 1 Suse 1 Rancher 2024-11-21 N/A 9.9 CRITICAL
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
CVE-2021-36165 1 Riconmobile 2 S9922l, S9922l Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2021-36158 1 Alpinelinux 1 Aports 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVE-2021-36096 1 Otrs 1 Otrs 2024-11-21 4.0 MEDIUM 5.2 MEDIUM
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
CVE-2021-35036 1 Zyxel 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more 2024-11-21 3.5 LOW 6.5 MEDIUM
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35035 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.