CWE-214: Invocation of Process Using Visible Sensitive Information
low-riskA process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Abstraction: Base
Common Consequences
Confidentiality
→
Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-4254 | 7.1 | 0.4% | — |
| CVE-2019-3869 | 7.2 | 0.3% | — |
| CVE-2020-5422 | 6.5 | 0.3% | — |
| CVE-2021-3859 | 7.5 | 0.3% | — |
| CVE-2025-1333 | 6.0 | 0.2% | — |
| CVE-2024-1742 | 3.8 | 0.1% | — |
| CVE-2024-28799 | 5.6 | 0.1% | — |
| CVE-2025-32987 | 6.0 | 0.1% | — |
| CVE-2024-39314 | 4.7 | 0.1% | — |
| CVE-2020-36771 | 7.8 | 0.1% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal