Class · Draft · Top 25 #17

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Category: auth

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Common consequences · 1

  • Confidentiality — Read Application Data

Potential mitigations · 1

  • [Architecture and Design]

Related CAPEC attack patterns · 59

CAPEC-116, CAPEC-13, CAPEC-169, CAPEC-22, CAPEC-224, CAPEC-285, CAPEC-287, CAPEC-290, CAPEC-291, CAPEC-292, CAPEC-293, CAPEC-294, CAPEC-295, CAPEC-296, CAPEC-297, CAPEC-298, CAPEC-299, CAPEC-300, CAPEC-301, CAPEC-302, CAPEC-303, CAPEC-304, CAPEC-305, CAPEC-306, CAPEC-307, CAPEC-308, CAPEC-309, CAPEC-310, CAPEC-312, CAPEC-313, CAPEC-317, CAPEC-318, CAPEC-319, CAPEC-320, CAPEC-321, CAPEC-322, CAPEC-323, CAPEC-324, CAPEC-325, CAPEC-326, CAPEC-327, CAPEC-328, CAPEC-329, CAPEC-330, CAPEC-472, CAPEC-497, CAPEC-508, CAPEC-573, CAPEC-574, CAPEC-575, CAPEC-576, CAPEC-577, CAPEC-59, CAPEC-60, CAPEC-616, CAPEC-643, CAPEC-646, CAPEC-651, CAPEC-79

References

  1. https://cwe.mitre.org/data/definitions/200.html

Exploits (incoming) · 50

Type          | Target                                               | Confidence | Tier
--------------|------------------------------------------------------|------------|-----
AttackPattern | TCP (ISN) Counter Rate Probe (capec-323)             | 100%       | live
AttackPattern | ICMP Information Request (capec-296)                 | 100%       | live
AttackPattern | Identify Shared Files/Directories on System (capec-643) | 100%    | live
AttackPattern | Eavesdropping (capec-651)                            | 100%       | live
AttackPattern | TCP 'RST' Flag Checksum Probe (capec-328)            | 100%       | live
AttackPattern | Establish Rogue Location (capec-616)                 | 100%       | live
AttackPattern | DNS Zone Transfers (capec-291)                       | 100%       | live
AttackPattern | ICMP Address Mask Request (capec-294)                | 100%       | live
AttackPattern | Subverting Environment Variable Values (capec-13)    | 100%       | live
AttackPattern | Scanning for Vulnerable Software (capec-310)         | 100%       | live
AttackPattern | TCP (ISN) Greatest Common Divisor Probe (capec-322)  | 100%       | live
AttackPattern | File Discovery (capec-497)                           | 100%       | live
AttackPattern | TCP Xmas Scan (capec-303)                            | 100%       | live
AttackPattern | TCP Initial Window Size Probe (capec-326)            | 100%       | live
AttackPattern | TCP FIN Scan (capec-302)                             | 100%       | live
AttackPattern | Enumerate Mail Exchange (MX) Records (capec-290)     | 100%       | live
AttackPattern | TCP RPC Scan (capec-307)                             | 100%       | live
AttackPattern | Peripheral Footprinting (capec-646)                  | 100%       | live
AttackPattern | TCP Congestion Control Flag (ECN) Probe (capec-325)  | 100%       | live
AttackPattern | UDP Ping (capec-298)                                 | 100%       | live
AttackPattern | IP (DF) 'Don't Fragment Bit' Echoing Probe (capec-319) | 100%     | live
AttackPattern | Port Scanning (capec-300)                            | 100%       | live
AttackPattern | Host Discovery (capec-292)                           | 100%       | live
AttackPattern | Group Permission Footprinting (capec-576)            | 100%       | live
AttackPattern | UDP Scan (capec-308)                                 | 100%       | live
AttackPattern | Exploiting Trust in Client (capec-22)                | 100%       | live
AttackPattern | ICMP Error Message Quoting Probe (capec-329)         | 100%       | live
AttackPattern | TCP Sequence Number Probe (capec-321)                | 100%       | live
AttackPattern | Footprinting (capec-169)                             | 100%       | live
AttackPattern | Passive OS Fingerprinting (capec-313)                | 100%       | live

Showing top 30 of 50 by confidence.

Compliance frameworks addressing this (incoming) · 58

Type              | Target                | Confidence | Tier
------------------|-----------------------|------------|-----
ComplianceControl | owasp_api_top10-api10 | 100%       | live
ComplianceControl | nis2-art21d           | 100%       | live
ComplianceControl | dora-art7             | 100%       | live
ComplianceControl | dora-art24            | 100%       | live
ComplianceControl | pci_dss_v4-r12        | 100%       | live
ComplianceControl | cra-annexi-1          | 100%       | live
ComplianceControl | pci_dss_v4-r11        | 100%       | live
ComplianceControl | tiber_eu-testing      | 100%       | live
ComplianceControl | iso27001-a.8.16       | 100%       | live
ComplianceControl | dora-art10            | 100%       | live
ComplianceControl | cis_v8-3              | 100%       | live
ComplianceControl | nis2-art21b           | 100%       | live
ComplianceControl | gdpr-art34            | 100%       | live
ComplianceControl | nist_csf-id           | 100%       | live
ComplianceControl | nist_csf-rc           | 100%       | live
ComplianceControl | pci_dss_v4-r9         | 100%       | live
ComplianceControl | iso27001-a.5.23       | 100%       | live
ComplianceControl | dora-art8             | 100%       | live
ComplianceControl | nist_csf-rs           | 100%       | live
ComplianceControl | gdpr-art5             | 100%       | live
ComplianceControl | cis_v8-13             | 100%       | live
ComplianceControl | owasp_api_top10-api07 | 100%       | live
ComplianceControl | nis2-art21f           | 100%       | live
ComplianceControl | iso27001-a.8.9        | 100%       | live
ComplianceControl | gdpr-art35            | 100%       | live
ComplianceControl | iso27001-a.5.7        | 100%       | live
ComplianceControl | iso27001-a.8.26       | 100%       | live
ComplianceControl | nist_csf-gv           | 100%       | live
ComplianceControl | gdpr-art32            | 100%       | live
ComplianceControl | dora-art28            | 100%       | live

Showing top 30 of 58 by confidence.

Vulnerabilities (incoming) · 42

Type          | Target                          | Confidence | Tier
--------------|---------------------------------|------------|-----
Vulnerability | CVE-2025-11079 (cve-2025-11079) | 0%         | live
Vulnerability | CVE-2025-11151 (cve-2025-11151) | 0%         | live
Vulnerability | CVE-2025-11693 (cve-2025-11693) | 0%         | live
Vulnerability | CVE-2025-11710 (cve-2025-11710) | 0%         | live
Vulnerability | CVE-2025-11717 (cve-2025-11717) | 0%         | live
Vulnerability | CVE-2025-11749 (cve-2025-11749) | 0%         | live
Vulnerability | CVE-2025-13371 (cve-2025-13371) | 0%         | live
Vulnerability | CVE-2025-15103 (cve-2025-15103) | 0%         | live
Vulnerability | CVE-2025-20221 (cve-2025-20221) | 0%         | live
Vulnerability | CVE-2025-22612 (cve-2025-22612) | 0%         | live
Vulnerability | CVE-2025-22956 (cve-2025-22956) | 0%         | live
Vulnerability | CVE-2025-22960 (cve-2025-22960) | 0%         | live
Vulnerability | CVE-2025-22961 (cve-2025-22961) | 0%         | live
Vulnerability | CVE-2025-24102 (cve-2025-24102) | 0%         | live
Vulnerability | CVE-2025-24146 (cve-2025-24146) | 0%         | live
Vulnerability | CVE-2025-24204 (cve-2025-24204) | 0%         | live
Vulnerability | CVE-2025-24232 (cve-2025-24232) | 0%         | live
Vulnerability | CVE-2025-24246 (cve-2025-24246) | 0%         | live
Vulnerability | CVE-2025-24250 (cve-2025-24250) | 0%         | live
Vulnerability | CVE-2025-24253 (cve-2025-24253) | 0%         | live
Vulnerability | CVE-2025-24263 (cve-2025-24263) | 0%         | live
Vulnerability | CVE-2025-26521 (cve-2025-26521) | 0%         | live
Vulnerability | CVE-2025-26604 (cve-2025-26604) | 0%         | live
Vulnerability | CVE-2025-27615 (cve-2025-27615) | 0%         | live
Vulnerability | CVE-2025-27675 (cve-2025-27675) | 0%         | live
Vulnerability | CVE-2025-27845 (cve-2025-27845) | 0%         | live
Vulnerability | CVE-2025-29270 (cve-2025-29270) | 0%         | live
Vulnerability | CVE-2025-29628 (cve-2025-29628) | 0%         | live
Vulnerability | CVE-2025-29629 (cve-2025-29629) | 0%         | live
Vulnerability | CVE-2025-30127 (cve-2025-30127) | 0%         | live

Showing top 30 of 42 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE — Exposure of Sensitive Information Due to Incompatible Policies
  • CWE — Improper Access Control
  • CWE — Exposure of Resource to Wrong Sphere
  • CWE — Insufficiently Protected Credentials
  • CWE — External Control of Critical State Data

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.