VYPR

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

BaseIncomplete

Description

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-464 · CAPEC-467 · CAPEC-498 · CAPEC-508

CVEs mapped to this weakness (103)

page 6 of 6
  • CVE-2022-0155Jan 10, 2022
    risk 0.00cvss epss 0.02

    follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2021-3980Dec 3, 2021
    risk 0.00cvss epss 0.02

    elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2016-11066Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.