VYPR

CWE-921

Storage of Sensitive Data in a Mechanism without Access Control

BaseIncomplete

Description

The product stores sensitive information in a file system or device that does not have built-in access control.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (8)

  • CVE-2025-30016CriApr 8, 2025
    risk 0.64cvss 9.8epss 0.01

    SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the…

  • CVE-2024-9334HigFeb 27, 2025
    risk 0.53cvss 8.2epss 0.00

    Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.

  • CVE-2025-24870MedFeb 11, 2025
    risk 0.39cvss 6.0epss 0.00

    SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly…

  • CVE-2025-24843MedFeb 28, 2025
    risk 0.33cvss 5.1epss 0.00

    Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

  • CVE-2023-41818MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. 

  • CVE-2024-5206Jun 6, 2024
    risk 0.00cvss epss 0.00

    A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data…

  • CVE-2023-2665May 12, 2023
    risk 0.00cvss epss 0.01

    Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

  • CVE-2022-1706May 17, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is…