CWE-649— Reliance on Obfuscation or Encryption of Security-Relevant Inputs

4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-649page 1 of 1

CVE-2010-3300MEDIUMCVSS 5.9EG 5.9
2021-06-22
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
CVE-2019-3730HIGHCVSS 7.5EG 7.5
2019-09-30
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerabil…
CVE-2024-10772HIGHCVSS 8.8EG 8.8
2024-12-06
Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device.
CVE-2024-36279MEDIUMCVSS 5.3EG 5.3
2024-06-17
Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of …

Map vulnerabilities like CWE-649 to your infrastructure

EchelonGraph correlates every CVE — across CWE-649 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →