CWE-213: Exposure of Sensitive Information Due to Incompatible Policies
low-risk
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
Abstraction: Base
Common Consequences
Confidentiality → Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2019-10247 | 5.3 | 4.2% | — |
| CVE-2019-10246 | 5.3 | 2.6% | — |
| CVE-2020-1652 | 5.6 | 0.5% | — |
| CVE-2023-36919 | 5.3 | 0.5% | — |
| CVE-2022-30350 | 7.5 | 0.4% | — |
| CVE-2024-7267 | 6.5 | 0.4% | — |
| CVE-2023-40570 | 5.3 | 0.3% | — |
| CVE-2022-22541 | 6.5 | 0.3% | — |
| CVE-2017-3211 | 5.3 | 0.3% | — |
| CVE-2019-1010283 | 7.5 | 0.3% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal