CWE-643 is a common weakness enumeration in software security. This database tracks 9 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-643?

There are 9 CVE vulnerabilities classified as CWE-643 with an average CVSS score of 6.3888888888889.

What is the severity distribution for CWE-643?

CWE-643 contains 0 critical, 2 high, 7 medium, and 0 low severity vulnerabilities.

CWE-643

Total CVEs

Vulnerabilities

Avg CVSS v3

6.4

Medium

Avg CVSS v2

5.3

Medium

Latest CVE

2024

Most Recent

Severity Distribution

Critical 0

High 2

22.2%

Medium 7

77.8%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (9)

Page 1 of 1

CVE-2024-39565

HIGH

CVSS:8.8(High)

An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execu...

CWE-6432024

CVE-2020-25162

HIGH

CVSS:7.5(High)

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to acces...

CWE-6432020

CVE-2024-8955

MEDIUM

CVSS:6.8(Medium)

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the ...

CWE-6432024

CVE-2023-36433

MEDIUM

CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-36429

MEDIUM

CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-24922

MEDIUM

CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2024-2648

MEDIUM

CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of...

CWE-6432024

CVE-2024-2645

MEDIUM

CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation ...

CWE-6432024

CVE-2022-43840

MEDIUM

CVSS:4.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the stru...

CWE-6432022