CWE-921
Storage of Sensitive Data in a Mechanism without Access Control
BaseIncomplete
Description
The product stores sensitive information in a file system or device that does not have built-in access control.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30016 | Cri | 0.64 | 9.8 | 0.00 | Apr 8, 2025 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application. | |
| CVE-2024-9334 | Hig | 0.53 | 8.2 | 0.00 | Feb 27, 2025 | Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024. | |
| CVE-2025-24870 | Med | 0.39 | 6.0 | 0.00 | Feb 11, 2025 | SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability. | |
| CVE-2025-24843 | Med | 0.33 | 5.1 | 0.00 | Feb 28, 2025 | Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data. | |
| CVE-2023-41818 | Med | 0.33 | 5.0 | 0.00 | May 3, 2024 | An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. |