CWE-311
Missing Encryption of Sensitive Data
Description
The product does not encrypt sensitive or critical information before storage or transmission.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-157 · CAPEC-158 · CAPEC-204 · CAPEC-31 · CAPEC-37 · CAPEC-383 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-477 · CAPEC-609 · CAPEC-65
CVEs mapped to this weakness (303)
page 9 of 16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10665 | — | Hig | 0.46 | 8.1 | 0.02 | Jun 4, 2018 | herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with… | |
| CVE-2016-10638 | Hig | 0.46 | 8.1 | 0.02 | Jun 4, 2018 | js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker… | ||
| CVE-2016-10626 | Hig | 0.46 | 8.1 | 0.02 | Jun 1, 2018 | mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the… | ||
| CVE-2016-10625 | — | Hig | 0.46 | 8.1 | 0.02 | Jun 1, 2018 | headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping… | |
| CVE-2016-10588 | Hig | 0.46 | 8.1 | 0.02 | Jun 1, 2018 | nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the… | ||
| CVE-2016-10582 | Hig | 0.46 | 8.1 | 0.02 | Jun 1, 2018 | closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if… | ||
| CVE-2016-10579 | — | Hig | 0.46 | 8.1 | 0.01 | Jun 1, 2018 | Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker… | |
| CVE-2016-10572 | — | Hig | 0.46 | 8.1 | 0.02 | May 31, 2018 | mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled… | |
| CVE-2016-10563 | — | Hig | 0.46 | 8.1 | 0.01 | May 31, 2018 | During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. | |
| CVE-2017-16003 | Hig | 0.46 | 8.1 | 0.02 | May 29, 2018 | windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the… | ||
| CVE-2016-10589 | — | Hig | 0.46 | 8.1 | 0.02 | May 29, 2018 | selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker… | |
| CVE-2016-10577 | Hig | 0.46 | 8.1 | 0.02 | May 29, 2018 | ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested… | ||
| CVE-2025-40680 | Med | 0.45 | — | 0.00 | Jul 24, 2025 | Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the… | ||
| CVE-2024-5731 | — | Med | 0.44 | 6.8 | 0.00 | Jun 14, 2024 | A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | |
| CVE-2018-6674 | Med | 0.44 | 6.8 | 0.00 | May 25, 2018 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges… | ||
| CVE-2026-34486 | Hig | 0.43 | 7.5 | 0.16 | Apr 9, 2026 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or… | ||
| CVE-2026-34992 | Hig | 0.42 | 7.5 | 0.00 | Apr 6, 2026 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode:… | ||
| CVE-2025-24008 | Med | 0.42 | 6.5 | 0.00 | May 13, 2025 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive… | ||
| CVE-2018-3826 | Med | 0.42 | 6.5 | 0.01 | Sep 19, 2018 | In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | ||
| CVE-2018-4855 | Med | 0.42 | 6.5 | 0.01 | Jul 3, 2018 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. |
- risk 0.46cvss 8.1epss 0.02
herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with…
- risk 0.46cvss 8.1epss 0.02
js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker…
- risk 0.46cvss 8.1epss 0.02
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the…
- risk 0.46cvss 8.1epss 0.02
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping…
- risk 0.46cvss 8.1epss 0.02
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the…
- risk 0.46cvss 8.1epss 0.02
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if…
- risk 0.46cvss 8.1epss 0.01
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…
- risk 0.46cvss 8.1epss 0.02
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled…
- risk 0.46cvss 8.1epss 0.01
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
- risk 0.46cvss 8.1epss 0.02
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the…
- risk 0.46cvss 8.1epss 0.02
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…
- risk 0.46cvss 8.1epss 0.02
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…
- risk 0.45cvss —epss 0.00
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the…
- risk 0.44cvss 6.8epss 0.00
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
- risk 0.44cvss 6.8epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges…
- risk 0.43cvss 7.5epss 0.16
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or…
- risk 0.42cvss 7.5epss 0.00
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode:…
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive…
- risk 0.42cvss 6.5epss 0.01
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
- risk 0.42cvss 6.5epss 0.01
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.