CWE-921
Storage of Sensitive Data in a Mechanism without Access Control
Description
The product stores sensitive information in a file system or device that does not have built-in access control.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30016 | Cri | 0.64 | 9.8 | 0.01 | Apr 8, 2025 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the… | ||
| CVE-2024-9334 | Hig | 0.53 | 8.2 | 0.00 | Feb 27, 2025 | Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024. | ||
| CVE-2025-24870 | Med | 0.39 | 6.0 | 0.00 | Feb 11, 2025 | SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly… | ||
| CVE-2025-24843 | — | Med | 0.33 | 5.1 | 0.00 | Feb 28, 2025 | Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data. | |
| CVE-2023-41818 | Med | 0.33 | 5.0 | 0.00 | May 3, 2024 | An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. | ||
| CVE-2024-5206 | 0.00 | — | 0.00 | Jun 6, 2024 | A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data… | |||
| CVE-2023-2665 | — | 0.00 | — | 0.01 | May 12, 2023 | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | ||
| CVE-2022-1706 | — | 0.00 | — | 0.01 | May 17, 2022 | A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is… |
- risk 0.64cvss 9.8epss 0.01
SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the…
- risk 0.53cvss 8.2epss 0.00
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.
- risk 0.39cvss 6.0epss 0.00
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly…
- risk 0.33cvss 5.1epss 0.00
Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.
- risk 0.33cvss 5.0epss 0.00
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.
- CVE-2024-5206Jun 6, 2024risk 0.00cvss —epss 0.00
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data…
- CVE-2023-2665May 12, 2023risk 0.00cvss —epss 0.01
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
- CVE-2022-1706May 17, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is…