CWE-922
Insecure Storage of Sensitive Information
ClassIncomplete
Description
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Hierarchy (View 1000)
CVEs mapped to this weakness (112)
page 6 of 6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2157 | Low | 0.21 | 3.3 | 0.00 | Mar 15, 2025 | A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively. | |
| CVE-2024-49201 | Med | 0.21 | 4.3 | 0.00 | Dec 18, 2024 | Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | |
| CVE-2024-44200 | Low | 0.21 | 3.3 | 0.00 | Dec 12, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information. | |
| CVE-2024-44222 | Low | 0.21 | 3.3 | 0.00 | Oct 28, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information. | |
| CVE-2024-40832 | Low | 0.21 | 3.3 | 0.00 | Jul 29, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | |
| CVE-2024-35311 | Low | 0.21 | 3.3 | 0.00 | May 29, 2024 | Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control. | |
| CVE-2024-23232 | Low | 0.21 | 3.3 | 0.00 | Mar 8, 2024 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. | |
| CVE-2024-23217 | Low | 0.21 | 3.3 | 0.00 | Jan 23, 2024 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences. | |
| CVE-2025-11645 | Low | 0.16 | 2.4 | 0.00 | Oct 12, 2025 | A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2024-54485 | Low | 0.16 | 2.4 | 0.00 | Dec 12, 2024 | The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen. | |
| CVE-2020-10368 | Low | 0.16 | 3.5 | 0.00 | Nov 10, 2024 | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack. | |
| CVE-2025-11644 | Low | 0.13 | 2.0 | 0.00 | Oct 12, 2025 | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. |