CWE-319
Cleartext Transmission of Sensitive Information
BaseDraftLikelihood: High
Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65
CVEs mapped to this weakness (155)
page 4 of 8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-3140 | Hig | 0.49 | 7.5 | 0.00 | Oct 5, 2005 | Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | |
| CVE-2002-1949 | Hig | 0.49 | 7.5 | 0.00 | Dec 31, 2002 | The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |
| CVE-2025-41708 | Hig | 0.48 | 7.4 | 0.00 | Sep 8, 2025 | Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission. | |
| CVE-2025-27720 | Hig | 0.48 | 7.4 | 0.00 | May 8, 2025 | The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials. | |
| CVE-2024-27166 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |
| CVE-2017-9035 | Hig | 0.48 | 7.4 | 0.01 | May 26, 2017 | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | |
| CVE-2026-6066 | Hig | 0.46 | 7.1 | 0.00 | Apr 20, 2026 | ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections. | |
| CVE-2025-10641 | Hig | 0.46 | 7.1 | 0.00 | Oct 21, 2025 | All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted. | |
| CVE-2025-8863 | Hig | 0.46 | — | 0.00 | Aug 11, 2025 | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission | |
| CVE-2025-24849 | Hig | 0.46 | 7.1 | 0.00 | Feb 28, 2025 | Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure. | |
| CVE-2022-32510 | Hig | 0.46 | 7.1 | 0.00 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | |
| CVE-2024-31206 | Hig | 0.46 | 8.2 | 0.00 | Apr 4, 2024 | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. | |
| CVE-2017-1181 | Hig | 0.46 | 7.0 | 0.00 | Jul 17, 2017 | IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | |
| CVE-2025-52586 | Med | 0.45 | 6.9 | 0.00 | Aug 8, 2025 | The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings. | |
| CVE-2025-26654 | Med | 0.44 | 6.8 | 0.00 | Apr 8, 2025 | SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect. | |
| CVE-2024-45102 | Med | 0.44 | 6.8 | 0.00 | Jan 14, 2025 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | |
| CVE-2024-45101 | Med | 0.44 | 6.8 | 0.00 | Sep 13, 2024 | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | |
| CVE-2026-33569 | Med | 0.42 | 6.5 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |
| CVE-2026-22155 | Med | 0.42 | 6.5 | 0.00 | Apr 14, 2026 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here> | |
| CVE-2025-10540 | Med | 0.42 | 6.5 | 0.00 | Sep 25, 2025 | iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents. |