CWE-311

High likelihood

Missing Encryption of Sensitive Data

Parent: CWE-693 - Protection Mechanism Failure

The product does not encrypt sensitive or critical information before storage or transmission.

508 vulnerabilities with CWE-311
CVE-2018-4847 MEDIUM
SIMATIC WinCC OA Operator iOS App < V1.4 - Info Disclosure
CVSS 4.6
CVE-2018-7498 CRITICAL
Philips Alice 6 Firmware < r8.0.2 - Missing Encryption of Sensitive Data
CVSS 9.8
CVE-2018-5261 HIGH
Flexense DiskBoss <8.8.16 - Info Disclosure
CVSS 8.1
CVE-2017-14852 HIGH
Orpak SiteOmat < 6.4.414.084 - Insecure Communication via Invalid SSL Certificate
CVSS 8.6
CVE-2017-3198 CRITICAL
GIGABYTE BRIX GB-BSi7H-6500 and GB-BXi7-5775 Firmware - Insufficient Firmware Image Verification
CVSS 9.8
CVE-2017-16041 MEDIUM
ikst < 1.1.2 - Cleartext Transmission of Sensitive Information via HTTP Resource Download
CVSS 5.9
CVE-2017-16040 HIGH
gfe-sass < 1.0.19 - Cleartext Transmission of Sensitive Information
CVSS 8.1
CVE-2017-16035 HIGH
hubl-server < 1.1.5 - Cleartext Transmission of Sensitive Information via HTTP Redirect
CVSS 8.1
CVE-2017-16003 HIGH
windows-build-tools < 1.0.0 - Missing Encryption of Sensitive Data via HTTP Resource Download
CVSS 8.1
CVE-2017-14012 MEDIUM
Boston Scientific ZOOM LATITUDE PRM Model 3120 - Info Disclosure
CVSS 4.6
CVE-2017-12716 MEDIUM
Abbott Accent and Anthem Pacemakers - Cleartext Transmission of Sensitive Information via RF Communications
CVSS 6.5
CVE-2017-5251 HIGH
Insteon Hub <1012 - Info Disclosure
CVSS 8.1
CVE-2017-15397 HIGH
Google Chrome OS < 62.0.3202.74 - Missing Encryption of Sensitive Data in ChromeVox
CVSS 7.4
CVE-2017-17763 HIGH
SuperBeam < 4.1.3 - Missing Encryption of Sensitive Data in LAN or WiFi Direct Share Feature
CVSS 7.5
CVE-2017-14953 MEDIUM
HikVision DS-2CD2432F-IW Firmware < 5.4.5 - Missing Encryption of Sensitive Data
CVSS 6.5
CVE-2017-8168 MEDIUM
FusionSphere OpenStack V100R006C00SPC102(NFV),V100R006C10 Sensitive Info Exposure via Unencrypted Channel
CVSS 4.3
CVE-2017-15581 HIGH
Diary with lock 4.72 - Unprotected Sensitive Data Transmission
CVSS 7.5
CVE-2017-15609 HIGH
Octopus Deploy < 3.17.6 - Sensitive Information Exposure via Offline Drop Target Variable JSON File
CVSS 7.5
CVE-2017-12817 HIGH
Kaspersky Internet Security for Android 11.12.4.1622 - Unprotected Sensitive Data Exposure via Unencrypted Trace Files
CVSS 7.5
CVE-2017-9632 CRITICAL
PDQ Manufacturing Various - Info Disclosure
CVSS 9.8
CVE-2017-9854 CRITICAL
SMA Solar Technology - Info Disclosure
CVSS 9.8
CVE-2017-7729 HIGH
iSmartAlarm CubeOne Firmware - Unencrypted Sensitive Data Transmission
CVSS 7.5
CVE-2017-7406 CRITICAL
D-Link DIR-615 <20.12PTb04 - Info Disclosure
CVSS 9.8
CVE-2017-3219 HIGH
Acronis True Image <= 2017 Build 8053 - Unauthenticated Software Update Manipulation via HTTP
CVSS 8.8
CVE-2017-3218 HIGH
Samsung Magician < 5.1 - Improper Certificate Validation
CVSS 8.8
Details
Vulnerabilities 508
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits