CWE-221 – Information Loss or Omission
Description The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. This can be resultant,...
CWE-220 – Storage of File With Sensitive Data Under FTP Root
Description The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties. Various Unix...
CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Description The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted...
CWE-219 – Storage of File with Sensitive Data Under Web Root
Description The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. Besides public-facing...
CWE-218 – DEPRECATED: Failure to provide confidentiality for stored data
Description This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493. Modes of Introduction: ...
CWE-217 – DEPRECATED: Failure to Protect Stored Data from Modification
Description This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766...
CWE-216 – DEPRECATED: Containment Errors (Container Errors)
Description This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name...
CWE-215 – Insertion of Sensitive Information Into Debugging Code
Description The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging,...
CWE-214 – Invocation of Process Using Visible Sensitive Information
Description A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system....
CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies
Description The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according...