CWE-523— Unprotected Transport of Credentials
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-523page 1 of 1
- CVE-2020-25175CRITICALCVSS 9.8EG 9.82020-12-14
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
- CVE-2021-32003HIGHCVSS 8.0EG 5.52021-08-05
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.…
- CVE-2021-38460HIGHCVSS 7.5EG 7.52021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
- CVE-2022-31805HIGHCVSS 7.5EG 9.82022-06-24
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
- CVE-2023-22862MEDIUMCVSS 5.9EG 5.92023-06-05
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- CVE-2023-28708MEDIUMCVSS 4.3EG 4.32023-03-22
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M…
- CVE-2023-31277HIGHCVSS 7.5EG 7.52023-07-06
PiiGAB M-Bus transmits credentials in plaintext format.
- CVE-2024-1102MEDIUMCVSS 6.5EG 6.52024-04-25
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
- CVE-2024-20395MEDIUMCVSS 6.4EG 6.42024-07-17
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to…
- CVE-2024-4188HIGHCVSS 7.1EG 0.02024-07-30
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.
- CVE-2026-8673MEDIUMCVSS 5.9EG 5.92026-05-26
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux,... Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affect…
Map vulnerabilities like CWE-523 to your infrastructure
EchelonGraph correlates every CVE — across CWE-523 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →