CWE-311 - Missing Encryption of Sensitive Data

Description

The weakness exists due to lack of correct sensitive or important data encryption. Unproperly encrypted information can't provide appropriate confidentiality, integrity and accountability of the system. As application doesn't use a secure channel as SSl attackers can easily obtain sensitive data. Vulnerability also allows malicious users to modify application data.
The weakness is introduced during Architecture and Design, Implication stages.

Latest vulnerabilities for CWE-311

Multiple vulnerabilities in IBM CICS TX Advanced 2024-03-21
Medium Yes

Multiple vulnerabilities in IBM CICS TX Standard 2024-03-15
Medium Yes

Multiple vulnerabilities in IBM Automation Decision Services 2024-03-11
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps 2024-03-07
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Network Automation 2024-03-05
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Business Automation 2024-03-04
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management 2024-02-29
High Yes

Multiple vulnerabilities in IBM Cognos Analytics 2024-02-26
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Data Scheduling 2024-02-21
High Yes

Multiple vulnerabilities in IBM QRadar WinCollect Agent 2024-02-16
High Yes

References

Description of CWE-311 on Mitre website