Este grupo aborda vulnerabilidades relacionadas con la exposición no autorizada de información sensible. Las debilidades dentro de esta categoría incluyen situaciones en las que datos confidenciales, como información personal o sistemas, se vuelven accesibles a actores no autorizados.
Vulnerabilidades
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-201 Exposure of Sensitive Information Through Sent Data
CWE-219 Storage of File with Sensitive Data Under Web Root
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE-540 Inclusion of Sensitive Information in Source Code
CWE-548 Exposure of Information Through Directory Listing
CWE-668 Exposure of Resource to Wrong Sphere
CWE-651 Exposure of WSDL File Containing Sensitive Information
