CWE-211 |
The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information. |
CWE-212 |
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
CWE-311 |
The software does not encrypt sensitive or critical information before storage or transmission. |
CWE-213 |
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. |
CWE-214 |
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system. |
CWE-215 |
The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. |
CWE-216 |
This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry. |
CWE-217 |
This weakness has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this weakness can be found at CWE-766 and CWE-767. |
CWE-218 |
This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493. |
CWE-219 |
The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. |