ClassIncomplete
CWE-922Insecure Storage of Sensitive Information
Category: data-exposure
Description
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Common consequences· 2
- Confidentiality — Read Application Data, Read Files or DirectoriesAttackers can read sensitive information by accessing the unrestricted storage mechanism.
- Integrity — Modify Application Data, Modify Files or DirectoriesAttackers can overwrite sensitive information by accessing the unrestricted storage mechanism.
References
Compliance frameworks addressing this (incoming)5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27701-a.7.4.1 | 100% | live |
| ComplianceControl | iso27701-a.7.4.5 | 100% | live |
| ComplianceControl | gdpr-art25 | 100% | live |
| ComplianceControl | iso27001-a.8.16 | 100% | live |
| ComplianceControl | pci_dss_v4-r10 | 100% | live |
(incoming)8
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-12539cve-2025-12539 | 0% | live |
| Vulnerability | CVE-2025-2241cve-2025-2241 | 0% | live |
| Vulnerability | CVE-2025-28244cve-2025-28244 | 0% | live |
| Vulnerability | CVE-2025-46627cve-2025-46627 | 0% | live |
| Vulnerability | CVE-2025-48929cve-2025-48929 | 0% | live |
| Vulnerability | CVE-2025-8699cve-2025-8699 | 0% | live |
| Vulnerability | CVE-2026-33407cve-2026-33407 | 0% | live |
| Vulnerability | CVE-2026-40868cve-2026-40868 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.