Cyber Posture

CWE · MITRE source

CWE-319: Cleartext Transmission of Sensitive Information

Abstraction: Base · CVEs in our corpus: 858

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (15) · AI

The 10 most specific controls are shown first. Generic controls that address many weakness types are listed separately below.

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-12 | Cryptographic Key Establishment and Management | SC | Key-establishment procedures specify secure distribution channels that preclude cleartext transmission of key material. |
| SC-13 | Cryptographic Protection | SC | Requires cryptography for transmission uses, eliminating cleartext exposure of sensitive data in transit. |
| SC-19 | Voice Over Internet Protocol | SC | Usage restrictions and technology-specific guidance routinely mandate encryption (SRTP, TLS) for voice streams that carry sensitive information. |
| CM-13 | Data Action Mapping | CM | Mapping transmission actions in data flows helps prevent cleartext transmission of sensitive information. |
| CM-6 | Configuration Settings | CM | Settings can enforce secure transmission protocols to prevent cleartext transmission of sensitive data. |
| AT-3 | Role-based Training | AT | Role-based training covers secure transmission methods, mitigating cleartext transmission of sensitive data. |
| CA-3 | Information Exchange | CA | By requiring documented security controls for information exchanges, the control reduces the risk of cleartext transmission of sensitive data. |
| MP-1 | Policy and Procedures | MP | Policy addresses secure transport and handling of media to avoid cleartext transmission of sensitive information. |
| PM-17 | Protecting Controlled Unclassified Information on External Systems | PM | Enforces safeguards against cleartext transmission of CUI when data leaves organizational boundaries to external systems. |
| SA-9 | External System Services | SA | Explicit controls and continuous oversight on external system services prevent cleartext transmission of sensitive information over provider-managed channels. |

5 more broadly-applicable controls

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-23 | Session Authenticity | SC | Eliminates cleartext exposure of session identifiers or tokens that would allow hijacking. |
| SC-37 | Out-of-band Channels | SC | Sensitive values are moved off the primary channel, avoiding cleartext transmission risks associated with that channel. |
| SC-40 | Wireless Link Protection | SC | Mandates cryptographic protection of the wireless medium, eliminating cleartext transmission of sensitive information over the air. |
| SC-8 | Transmission Confidentiality and Integrity | SC | The control explicitly requires confidentiality protection for transmitted information, preventing cleartext exposure of sensitive data. |
| SC-9 | Transmission Confidentiality | SC | Directly prevents cleartext transmission of sensitive information by requiring encryption or equivalent confidentiality protections during transit. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-25735 | 7.2 | 9.1 | 0.9036 | 2024-03-27 |
| CVE-2024-37393 | 6.6 | 7.5 | 0.8466 | 2024-06-10 |
| CVE-2016-5649 | 6.0 | 9.8 | 0.6719 | 2018-07-24 |
| CVE-2023-32784 | 6.0 | 7.5 | 0.7550 | 2023-05-15 |
| CVE-2017-5259 | 5.7 | 8.8 | 0.6634 | 2017-12-20 |
| CVE-2018-12710 | 5.1 | 8.0 | 0.5847 | 2018-08-29 |
| CVE-2021-39341 | 4.3 | 8.2 | 0.4432 | 2021-11-01 |
| CVE-2023-33960 | 4.0 | 7.5 | 0.4160 | 2023-06-01 |
| CVE-2018-1297 | 3.0 | 9.8 | 0.1799 | 2018-02-13 |
| CVE-2014-5380 | 2.6 | 7.5 | 0.1898 | 2020-01-13 |
| CVE-2019-3993 | 2.2 | 7.5 | 0.1161 | 2019-12-17 |
| CVE-2018-13140 | 2.1 | 8.1 | 0.0877 | 2018-09-24 |
| CVE-2021-20623 | 2.1 | 9.8 | 0.0208 | 2021-02-05 |
| CVE-2023-33730 | 2.1 | 9.8 | 0.0155 | 2023-05-31 |
| CVE-2023-6248 | 2.1 | 10.0 | 0.0168 | 2023-11-21 |
| CVE-2025-26199 | 2.1 | 9.8 | 0.0303 | 2025-06-18 |
| CVE-2017-15999 | 2.0 | 9.8 | 0.0015 | 2017-10-29 |
| CVE-2018-7259 | 2.0 | 9.8 | 0.0018 | 2018-02-20 |
| CVE-2018-6295 | 2.0 | 9.8 | 0.0024 | 2018-03-13 |
| CVE-2018-7246 | 2.0 | 9.8 | 0.0015 | 2018-04-18 |
| CVE-2018-8855 | 2.0 | 9.8 | 0.0015 | 2018-07-24 |
| CVE-2018-11749 | 2.0 | 9.8 | 0.0015 | 2018-08-24 |
| CVE-2019-6526 | 2.0 | 9.8 | 0.0012 | 2019-04-15 |
| CVE-2019-3793 | 2.0 | 9.8 | 0.0025 | 2019-04-24 |
| CVE-2019-3801 | 2.0 | 9.8 | 0.0007 | 2019-04-25 |