CWE-922: Insecure Storage of Sensitive Information
ID
CWE-922
Abstraction
Class
Structure
Simple
Status
Incomplete
Number of CVEs
154
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Implementation | |
System Configuration |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...