VYPR

CWE-922

Insecure Storage of Sensitive Information

Class | Incomplete

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (144)

page 4 of 8
  • CVE-2024-37654 | Med | Jun 21, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD,…

  • CVE-2025-37110 | Med | Jul 31, 2025
    risk 0.39 | cvss 6.0 | epss 0.00

    A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized parties gaining access to sensitive system information.

  • CVE-2024-44213 | Med | Oct 28, 2024
    risk 0.38 | cvss 5.9 | epss 0.01

    An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information.

  • CVE-2024-46635 | Med | Sep 30, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.

  • CVE-2024-35526 | Med | Jun 25, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory.

  • CVE-2024-51399 | Med | Nov 1, 2024
    risk 0.37 | cvss 5.7 | epss 0.00

    Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP: after login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches…

  • CVE-2026-5515 | Med | May 27, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2025-32751 | Med | May 22, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.

  • CVE-2025-42979 | Med | Jul 8, 2025
    risk 0.36 | cvss 5.6 | epss 0.00

    The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access…

  • CVE-2025-24117 | Med | Jan 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

  • CVE-2024-54541 | Med | Jan 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.

  • CVE-2024-54477 | Med | Dec 12, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

  • CVE-2024-44257 | Med | Oct 28, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access sensitive user data.

  • CVE-2024-44216 | Med | Oct 28, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access user-sensitive data.

  • CVE-2024-44275 | Med | Oct 28, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system.

  • CVE-2024-27789 | Med | May 14, 2024
    risk 0.36 | cvss 5.5 | epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data.

  • CVE-2024-23229 | Med | May 14, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.5. A malicious application may be able to access Find My data.

  • CVE-2024-23290 | Med | Mar 8, 2024
    risk 0.36 | cvss 5.5 | epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.

  • CVE-2024-23241 | Med | Mar 8, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.

  • CVE-2024-23205 | Med | Mar 8, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data.