Base · Incomplete
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Category: auth
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Common consequences · 1
- Confidentiality — Read Application Data
Potential mitigations · 1
- [Architecture and Design, Implementation] Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is committed directly to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file, to protect against potential cross-site scripting attacks against the viewer of the logs.
Related CAPEC attack patterns · 2
Exploits (incoming) · 2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Web Application Fingerprinting (capec-170) | 100% | live |
| AttackPattern | System Location Discovery (capec-694) | 100% | live |
(incoming) · 16
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0061 | 0% | live |
| Vulnerability | CVE-2025-10264 | 0% | live |
| Vulnerability | CVE-2025-11151 | 0% | live |
| Vulnerability | CVE-2025-1144 | 0% | live |
| Vulnerability | CVE-2025-12779 | 0% | live |
| Vulnerability | CVE-2025-44823 | 0% | live |
| Vulnerability | CVE-2025-47699 | 0% | live |
| Vulnerability | CVE-2025-5893 | 0% | live |
| Vulnerability | CVE-2025-6561 | 0% | live |
| Vulnerability | CVE-2025-9364 | 0% | live |
| Vulnerability | CVE-2025-9986 | 0% | live |
| Vulnerability | CVE-2026-24222 | 0% | live |
| Vulnerability | CVE-2026-27494 | 0% | live |
| Vulnerability | CVE-2026-34413 | 0% | live |
| Vulnerability | CVE-2026-42047 | 0% | live |
| KEVEntry | Microsoft Windows Kernel Information Disclosure Vulnerability (kev-cve-2021-31955) | 0% | live |