CWE-311
Missing Encryption of Sensitive Data
ClassDraftLikelihood: High
Description
The product does not encrypt sensitive or critical information before storage or transmission.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-157 · CAPEC-158 · CAPEC-204 · CAPEC-31 · CAPEC-37 · CAPEC-383 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-477 · CAPEC-609 · CAPEC-65
CVEs mapped to this weakness (23)
page 1 of 2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-36751 | Cri | 0.61 | — | 0.00 | Dec 13, 2025 | Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint. | |
| CVE-2024-29151 | Cri | 0.59 | 9.1 | 0.00 | Mar 18, 2024 | Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | |
| CVE-2025-48981 | Hig | 0.56 | 8.6 | 0.00 | Oct 8, 2025 | An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection. | |
| CVE-2025-29314 | Hig | 0.53 | 8.1 | 0.00 | Mar 24, 2025 | Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack. | |
| CVE-2007-4961 | Hig | 0.49 | 7.5 | 0.00 | Sep 18, 2007 | The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | |
| CVE-2025-48862 | Hig | 0.46 | 7.1 | 0.00 | Aug 14, 2025 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted. | |
| CVE-2024-7396 | Hig | 0.46 | — | 0.00 | Aug 5, 2024 | Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. | |
| CVE-2025-40680 | Med | 0.45 | — | 0.00 | Jul 24, 2025 | Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values. | |
| CVE-2024-5731 | Med | 0.44 | 6.8 | 0.00 | Jun 14, 2024 | A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | |
| CVE-2026-34486 | Hig | 0.42 | 7.5 | 0.01 | Apr 9, 2026 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. | |
| CVE-2026-34992 | Hig | 0.42 | 7.5 | 0.00 | Apr 6, 2026 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2. | |
| CVE-2025-24008 | Med | 0.42 | 6.5 | 0.00 | May 13, 2025 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords. | |
| CVE-2025-15065 | Med | 0.41 | 6.3 | 0.00 | Dec 29, 2025 | Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared File.This issue affects KESS Enterprise: before *.25.9.19.exe | |
| CVE-2025-32875 | Med | 0.37 | 5.7 | 0.00 | Jun 20, 2025 | An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack. | |
| CVE-2024-27106 | Med | 0.37 | 5.7 | 0.00 | May 14, 2024 | Vulnerable data in transit in GE HealthCare EchoPAC products | |
| CVE-2024-41124 | Med | 0.34 | 6.3 | 0.00 | Jul 19, 2024 | Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability. | |
| CVE-2024-38283 | Med | 0.33 | — | 0.00 | Jun 13, 2024 | Sensitive customer information is stored in the device without encryption. | |
| CVE-2024-7142 | Med | 0.30 | 4.6 | 0.00 | Jan 10, 2025 | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | |
| CVE-2025-8763 | Low | 0.24 | 3.7 | 0.00 | Aug 9, 2025 | A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-47274 | Low | 0.09 | — | 0.00 | May 12, 2025 | ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux). |