CWE-922
385 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-922 (page 2 of 8)
- CVE-2020-4673 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-01-12
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.
- CVE-2020-4674 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-01-12
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.
- CVE-2020-4726 | LOW | CVSS 3.3 | EG 3.3 | 2021-03-02
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.
- CVE-2020-4765 | LOW | CVSS 3.3 | EG 3.3 | 2021-05-19
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
- CVE-2020-4803 | LOW | CVSS 3.3 | EG 3.3 | 2021-09-23
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
- CVE-2020-4805 | LOW | CVSS 3.3 | EG 3.3 | 2021-09-23
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
- CVE-2020-4809 | LOW | CVSS 3.3 | EG 3.3 | 2021-09-23
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
- CVE-2020-4871 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-01-19
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
- CVE-2020-4886 | LOW | CVSS 3.3 | EG 3.3 | 2020-11-13
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
- CVE-2020-4906 | LOW | CVSS 3.3 | EG 3.3 | 2020-12-16
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
- CVE-2020-5008 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-06-07
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server l…
- CVE-2020-5262 | HIGH | CVSS 7.7 | EG 7.7 | 2020-03-19
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed i…
- CVE-2020-7000 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-03
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which…
- CVE-2020-8481 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-04-29
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engine…
- CVE-2020-8482 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-29
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data.
- CVE-2020-9202 | MEDIUM | CVSS 4.4 | EG 4.4 | 2020-12-24
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's …
- CVE-2021-0639 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-08-17
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileg…
- CVE-2021-20391 | LOW | CVSS 3.3 | EG 3.3 | 2021-05-14
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
- CVE-2021-20396 | LOW | CVSS 3.3 | EG 3.3 | 2021-06-11
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
- CVE-2021-20575 | LOW | CVSS 3.3 | EG 3.3 | 2021-06-01
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
- CVE-2021-21816 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-07-16
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger…
- CVE-2021-22914 | HIGH | CVSS 7.5 | EG 7.5 | 2021-06-16
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a maliciou…
- CVE-2021-25266 | LOW | CVSS 3.9 | EG 3.9 | 2022-04-27
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before…
- CVE-2021-25276 | HIGH | CVSS 7.1 | EG 7.1 | 2021-02-03
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesyst…
- CVE-2021-25402 | LOW | CVSS 3.3 | EG 3.3 | 2021-06-11
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access S Pen latency information.
- CVE-2021-25404 | LOW | CVSS 3.3 | EG 3.3 | 2021-06-11
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
- CVE-2021-25406 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-06-11
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information.
- CVE-2021-25522 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-12-08
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
- CVE-2021-25523 | MEDIUM | CVSS 4.0 | EG 4.0 | 2021-12-08
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
- CVE-2021-25524 | MEDIUM | CVSS 4.0 | EG 4.0 | 2021-12-08
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
- CVE-2021-25776 | HIGH | CVSS 7.5 | EG 7.5 | 2021-02-03
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
- CVE-2021-27004 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-01
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
- CVE-2021-27170 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-02-10
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
- CVE-2021-27456 | LOW | CVSS 2.4 | EG 2.4 | 2022-03-23
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
- CVE-2021-28653 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-03-19
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication ha…
- CVE-2021-28813 | CRITICAL | CVSS 9.6 | EG 9.6 | 2021-09-10
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information b…
- CVE-2021-28815 | MEDIUM | CVSS 6.0 | EG 6.0 | 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism…
- CVE-2021-36127 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-07-02
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosin…
- CVE-2021-36546 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-03
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
- CVE-2021-36786 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-13
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
- CVE-2021-38590 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-08-11
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
- CVE-2021-39289 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-23
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB28…
- CVE-2021-42371 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-11-08
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
- CVE-2021-42718 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-01-23
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing containe…
- CVE-2021-42913 | HIGH | CVSS 7.5 | EG 7.5 | 2021-12-20
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
- CVE-2021-43512 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-06-02
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.
- CVE-2022-0724 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-02-23
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
- CVE-2022-0881 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-09
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
- CVE-2022-1021 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-08-19
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
- CVE-2022-1044 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-05-12
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.