CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
low-risk
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Abstraction: Base
Common Consequences
Confidentiality → Read Files or Directories
Detection Methods
Automated Static Analysis
Tools are available to analyze documents (such as PDF, Word, etc.) to look for private information such as names, addresses, etc.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-31090 | 7.7 | 3.0% | — |
| CVE-2021-0340 | 8.8 | 2.6% | — |
| CVE-2020-15094 | 8.0 | 2.2% | — |
| CVE-2022-2818 | 9.8 | 1.5% | — |
| CVE-2022-2818 | 9.8 | 1.5% | — |
| CVE-2022-31042 | 7.5 | 1.5% | — |
| CVE-2022-31043 | 7.5 | 1.5% | — |
| CVE-2022-29900 | 6.5 | 1.4% | — |
| CVE-2022-1650 | 8.1 | 1.1% | — |
| CVE-2022-1650 | 8.1 | 1.1% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal