CWE-207 – Observable Behavioral Discrepancy With Equivalent Products
Description The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products...
CWE-208 – Observable Timing Discrepancy
Description Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals...
CWE-209 – Generation of Error Message Containing Sensitive Information
Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Modes of Introduction: - Architecture and Design...
CWE-210 – Self-generated Error Message Containing Sensitive Information
Description The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information. Modes of Introduction: - Architecture and...
CWE-211 – Externally-Generated Error Message Containing Sensitive Information
Description The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such...
CWE-212 – Improper Removal of Sensitive Information Before Storage or Transfer
Description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes...
CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies
Description The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according...
CWE-214 – Invocation of Process Using Visible Sensitive Information
Description A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system....
CWE-215 – Insertion of Sensitive Information Into Debugging Code
Description The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging,...
CWE-216 – DEPRECATED: Containment Errors (Container Errors)
Description This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name...