CWE-523 is a common weakness enumeration in software security. This database tracks 12 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-523?

There are 12 CVE vulnerabilities classified as CWE-523 with an average CVSS score of 7.13.

What is the severity distribution for CWE-523?

CWE-523 contains 1 critical, 7 high, 4 medium, and 0 low severity vulnerabilities.

CWE-523

Total CVEs

Vulnerabilities

Avg CVSS v3

7.1

High

Avg CVSS v2

3.9

Low

Latest CVE

2024

Most Recent

Severity Distribution

Critical 1

8.3%

High 7

58.3%

Medium 4

33.3%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (12)

Page 1 of 1

CVE-2020-25175

CRITICAL

CVSS:9.8(Critical)

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

CWE-5232020

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentica...

CWE-5232017

CVE-2023-31277

HIGH

CVSS:7.5(High)

PiiGAB M-Bus transmits credentials in plaintext format.

CWE-5232023

CVE-2023-22862

HIGH

CVSS:7.5(High)

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-5232023

CVE-2022-31805

HIGH

CVSS:7.5(High)

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CWE-5232022

CVE-2021-38460

HIGH

CVSS:7.5(High)

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs o...

CWE-5232021

CVE-2024-1102

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

CWE-5232024

CVE-2024-20395

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to ...

CWE-5232024

CVE-2021-32003

MEDIUM

CVSS:5.5(Medium)

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secom...

CWE-5232021

CVE-2023-28708

MEDIUM

CVSS:4.3(Medium)

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0....

CWE-5232023

CVE-2024-4188

HIGH

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.

CWE-5232024

CVE-2024-1509

HIGH

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communic...

CWE-5232024

CVE Security Database

CWE-523

Severity Distribution

External References

All CVEs (12)

CVE-2020-25175

CVE-2017-16731

CVE-2023-31277

CVE-2023-22862

CVE-2022-31805

CVE-2021-38460

CVE-2024-1102

CVE-2024-20395

CVE-2021-32003

CVE-2023-28708

CVE-2024-4188

CVE-2024-1509