CWE-922: Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

231

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

CWE-922: Insecure Storage of Sensitive Information

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Frequently asked questions

What is CWE-922?

What CVEs are caused by CWE-922?

How is CWE-922 detected?

What are the consequences of CWE-922?

Is CWE-922 actively exploited?

References

Stay ahead of CWE-922

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-922?

What CVEs are caused by CWE-922?

How is CWE-922 detected?

What are the consequences of CWE-922?

Is CWE-922 actively exploited?

References

Stay ahead of CWE-922