CWE-549 is a common weakness enumeration in software security. This database tracks 11 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-549?

There are 11 CVE vulnerabilities classified as CWE-549 with an average CVSS score of 5.2727272727273.

What is the severity distribution for CWE-549?

CWE-549 contains 0 critical, 1 high, 8 medium, and 2 low severity vulnerabilities.

CWE-549

Total CVEs

Vulnerabilities

Avg CVSS v3

5.3

Medium

Avg CVSS v2

3.3

Low

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 1

9.1%

Medium 8

72.7%

Low 2

18.2%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (11)

Page 1 of 1

CVE-2023-49106

HIGH

CVSS:7.5(High)

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.

CWE-5492023

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.

CWE-5492022

CVE-2023-1763

MEDIUM

CVSS:6.5(Medium)

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive inf...

CWE-5492023

CVE-2023-2062

MEDIUM

CVSS:6.2(Medium)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know ...

CWE-5492023

CVE-2025-31728

MEDIUM

CVSS:5.5(Medium)

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-5492025

CVE-2025-31727

MEDIUM

CVSS:5.5(Medium)

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Re...

CWE-5492025

CVE-2024-10122

MEDIUM

CVSS:4.9(Medium)

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Deta...

CWE-5492024

CVE-2022-20914

MEDIUM

CVSS:4.9(Medium)

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerab...

CWE-5492022

CVE-2022-1342

MEDIUM

CVSS:4.6(Medium)

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed ...

CWE-5492022

CVE-2025-30197

LOW

CVSS:3.1(Low)

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

CWE-5492025

CVE-2025-0148

LOW

CVSS:2.6(Low)

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

CWE-5492025

CVE Security Database

CWE-549

Severity Distribution

External References

All CVEs (11)

CVE-2023-49106

CVE-2022-22550

CVE-2023-1763

CVE-2023-2062

CVE-2025-31728

CVE-2025-31727

CVE-2024-10122

CVE-2022-20914

CVE-2022-1342

CVE-2025-30197

CVE-2025-0148