CWE-199 (Information Management Errors) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category are related to improper handling of sensitive information.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-58304 | 2025-11-28 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-51522 | 2024-11-05 | Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2016-10841 | 2019-08-01 | The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). |
| CVE-2016-5405 | 2017-06-08 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstati… |
| CVE-2016-5486 | 2016-10-25 | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Serv… |
| CVE-2015-8346 | 2016-04-12 | app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the tim… |
| CVE-2014-1595 | 2014-12-11 | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, whi… |
| CVE-2014-1591 | 2014-12-11 | Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after … |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |