CWE-1417: Comprehensive Categorization: Sensitive Information Exposure
ID
CWE-1417
Status
Incomplete
Weaknesses in this category are related to sensitive information exposure.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-201 | Insertion of Sensitive Information Into Sent Data | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-203 | Observable Discrepancy | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-204 | Observable Response Discrepancy | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-205 | Observable Behavioral Discrepancy | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-206 | Observable Internal Behavioral Discrepancy | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-207 | Observable Behavioral Discrepancy With Equivalent Products | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-208 | Observable Timing Discrepancy | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-210 | Self-generated Error Message Containing Sensitive Information | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-211 | Externally-Generated Error Message Containing Sensitive Information | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-214 | Invocation of Process Using Visible Sensitive Information | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-215 | Insertion of Sensitive Information Into Debugging Code | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-526 | Cleartext Storage of Sensitive Information in an Environment Variable | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-531 | Inclusion of Sensitive Information in Test Code | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-532 | Insertion of Sensitive Information into Log File | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-535 | Exposure of Information Through Shell Error Message | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-536 | Servlet Runtime Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-537 | Java Runtime Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-540 | Inclusion of Sensitive Information in Source Code | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-541 | Inclusion of Sensitive Information in an Include File | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-548 | Exposure of Information Through Directory Listing | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-550 | Server-generated Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-598 | Use of GET Request Method With Sensitive Query Strings | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-615 | Inclusion of Sensitive Information in Source Code Comments | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-651 | Exposure of WSDL File Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1254 | Incorrect Comparison Logic Granularity | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1273 | Device Unlock Credential Sharing | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1295 | Debug Messages Revealing Unnecessary Information | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1300 | Improper Protection of Physical Side Channels | Base | Simple | Stable | |
Loading...