CWE-499 2 CVEs MITRE definition ↗

CWE-499: Serializable Class Containing Sensitive Data

Overview

CWE-499 (Serializable Class Containing Sensitive Data) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Java Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2024-5657 2024-06-06 The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
CVE-2022-39309 2022-10-14 GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key …

Previous names

  • Information Leak through Serialization (2008-04-11)

Content submission

Name
CLASP
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Description, Relationships, Taxonomy_Mappings
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Relationships
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2021-03-15 CWE Content Team 4.4 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
cvelogic Threat Intelligence