Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:Comprehensive Categorization: Sensitive Information Exposure
Category ID:1417
Vulnerability Mapping:Prohibited
Status:Incomplete
DetailsContent HistoryObserved CVE ExamplesReports
▼Summary

Weaknesses in this category are related to sensitive information exposure.

▼Membership
NatureMappingTypeIDName
MemberOfProhibitedV1400Comprehensive Categorization for Software Assurance Trends
HasMemberAllowedB208Observable Timing Discrepancy
HasMemberAllowedB209Generation of Error Message Containing Sensitive Information
HasMemberAllowedB210Self-generated Error Message Containing Sensitive Information
HasMemberAllowedB211Externally-Generated Error Message Containing Sensitive Information
HasMemberAllowedB1254Incorrect Comparison Logic Granularity
HasMemberAllowedV1255Comparison Logic is Vulnerable to Power Side-Channel Attacks
HasMemberAllowedB1273Device Unlock Credential Sharing
HasMemberAllowedB1295Debug Messages Revealing Unnecessary Information
HasMemberAllowedB1300Improper Protection of Physical Side Channels
HasMemberAllowedB1431Driving Intermediate Cryptographic State/Results to Hardware Module Outputs
HasMemberAllowedV207Observable Behavioral Discrepancy With Equivalent Products
HasMemberDiscouragedC200Exposure of Sensitive Information to an Unauthorized Actor
HasMemberAllowedB201Insertion of Sensitive Information Into Sent Data
HasMemberAllowedB203Observable Discrepancy
HasMemberAllowedB204Observable Response Discrepancy
HasMemberAllowedB205Observable Behavioral Discrepancy
HasMemberAllowedV206Observable Internal Behavioral Discrepancy
HasMemberAllowedB213Exposure of Sensitive Information Due to Incompatible Policies
HasMemberAllowedB214Invocation of Process Using Visible Sensitive Information
HasMemberAllowedB215Insertion of Sensitive Information Into Debugging Code
HasMemberAllowedB359Exposure of Private Personal Information to an Unauthorized Actor
HasMemberAllowedV541Inclusion of Sensitive Information in an Include File
HasMemberAllowedB497Exposure of Sensitive System Information to an Unauthorized Control Sphere
HasMemberAllowedV526Cleartext Storage of Sensitive Information in an Environment Variable
HasMemberAllowedV531Inclusion of Sensitive Information in Test Code
HasMemberAllowedB532Insertion of Sensitive Information into Log File
HasMemberAllowedV535Exposure of Information Through Shell Error Message
HasMemberAllowedV536Servlet Runtime Error Message Containing Sensitive Information
HasMemberAllowedV537Java Runtime Error Message Containing Sensitive Information
HasMemberAllowedB538Insertion of Sensitive Information into Externally-Accessible File or Directory
HasMemberAllowedB540Inclusion of Sensitive Information in Source Code
HasMemberAllowedV548Exposure of Information Through Directory Listing
HasMemberAllowedV550Server-generated Error Message Containing Sensitive Information
HasMemberAllowedV598Use of GET Request Method With Sensitive Query Strings
HasMemberAllowedV615Inclusion of Sensitive Information in Source Code Comments
HasMemberAllowedV651Exposure of WSDL File Containing Sensitive Information
Nature: MemberOf
Mapping: Prohibited
Type: View
ID: 1400
Name: Comprehensive Categorization for Software Assurance Trends
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 208
Name: Observable Timing Discrepancy
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 209
Name: Generation of Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 210
Name: Self-generated Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 211
Name: Externally-Generated Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1254
Name: Incorrect Comparison Logic Granularity
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1255
Name: Comparison Logic is Vulnerable to Power Side-Channel Attacks
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1273
Name: Device Unlock Credential Sharing
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1295
Name: Debug Messages Revealing Unnecessary Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1300
Name: Improper Protection of Physical Side Channels
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1431
Name: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 207
Name: Observable Behavioral Discrepancy With Equivalent Products
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 200
Name: Exposure of Sensitive Information to an Unauthorized Actor
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 201
Name: Insertion of Sensitive Information Into Sent Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 203
Name: Observable Discrepancy
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 204
Name: Observable Response Discrepancy
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 205
Name: Observable Behavioral Discrepancy
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 206
Name: Observable Internal Behavioral Discrepancy
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 213
Name: Exposure of Sensitive Information Due to Incompatible Policies
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 214
Name: Invocation of Process Using Visible Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 215
Name: Insertion of Sensitive Information Into Debugging Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 359
Name: Exposure of Private Personal Information to an Unauthorized Actor
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 541
Name: Inclusion of Sensitive Information in an Include File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 497
Name: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 526
Name: Cleartext Storage of Sensitive Information in an Environment Variable
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 531
Name: Inclusion of Sensitive Information in Test Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 532
Name: Insertion of Sensitive Information into Log File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 535
Name: Exposure of Information Through Shell Error Message
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 536
Name: Servlet Runtime Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 537
Name: Java Runtime Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 538
Name: Insertion of Sensitive Information into Externally-Accessible File or Directory
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 540
Name: Inclusion of Sensitive Information in Source Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 548
Name: Exposure of Information Through Directory Listing
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 550
Name: Server-generated Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 598
Name: Use of GET Request Method With Sensitive Query Strings
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 615
Name: Inclusion of Sensitive Information in Source Code Comments
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 651
Name: Exposure of WSDL File Containing Sensitive Information
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].

Comments:

See member weaknesses of this category.

▼Notes
▼Taxonomy Mappings
Taxonomy NameEntry IDFitEntry Name
▼References
Reference ID: REF-1330
Title: CVE --> CWE Mapping Guidance - Quick Tips
Version: v4.15
Author: MITRE
Publication:
Publisher:
Edition:
URL:https://cwe.mitre.org/documents/cwe_usage/quick_tips.html
URL Date:
Day:25
Month:03
Year:2021
Details not found