CWE-199 8 個 CVE MITRE 定義 ↗

CWE-199:Information Management Errors

概覽

CWE-199(Information Management Errors)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

Weaknesses in this category are related to improper handling of sensitive information.

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-58304 2025-11-27 Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-51522 2024-11-05 Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2016-10841 2019-08-01 The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
CVE-2016-5405 2017-06-08 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstati…
CVE-2016-5486 2016-10-25 Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Serv…
CVE-2015-8346 2016-04-12 app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the tim…
CVE-2014-1595 2014-12-11 Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, whi…
CVE-2014-1591 2014-12-11 Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after …

內容提交

名稱
CWE Community
日期
2006-07-19
版本
Draft 3
評論
Submitted by members of the CWE community to extend early CWE versions

內容修訂

日期 名稱 版本 重要性 評論
2008-09-08 CWE Content Team 1.0 updated Relationships
2009-07-27 CWE Content Team 1.5 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Mapping_Notes, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
cvelogic Threat Intelligence