CWE · MITRE source
CWE-209: Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (6) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SI-11 | Error Handling | SI | Explicitly requires error messages to avoid including sensitive or exploitable details while still supporting corrective action. |
| SI-15 | Information Output Filtering | SI | Validation ensures error messages contain only expected, non-sensitive content and blocks leakage via verbose errors. |
| SI-17 | Fail-safe Procedures | SI | Fail-safe procedures can be defined to suppress or sanitize error output, reducing generation of messages that contain sensitive information. |
| AU-13 | Monitoring for Information Disclosure | AU | Detects error messages that leak sensitive information as evidence of disclosure. |
| IA-6 | Authentication Feedback | IA | The control directly mitigates generation of error messages containing sensitive authentication details by requiring obscured feedback instead of verbose responses. |
| SC-30 | Concealment and Misdirection | SC | Misdirection allows generation of misleading error messages that withhold or falsify sensitive details. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-29059 KEV | 9.1 | 7.5 | 0.9372 | 2024-03-23 |
| CVE-2013-7331 KEV | 8.2 | 6.5 | 0.8181 | 2014-02-26 |
| CVE-2023-27587 | 6.6 | 7.4 | 0.8580 | 2023-03-13 |
| CVE-2024-45440 | 6.3 | 5.3 | 0.8754 | 2024-08-29 |
| CVE-2024-21733 | 5.5 | 5.3 | 0.7343 | 2024-01-19 |
| CVE-2021-22145 | 5.4 | 6.5 | 0.6793 | 2021-07-21 |
| CVE-2010-3332 | 5.0 | 0.0 | 0.8360 | 2010-09-22 |
| CVE-2025-47813 KEV | 4.4 | 4.3 | 0.2501 | 2025-07-10 |
| CVE-2024-39719 | 4.2 | 7.5 | 0.4451 | 2024-10-31 |
| CVE-2022-29266 | 3.7 | 7.5 | 0.3584 | 2022-04-20 |
| CVE-2021-30357 | 2.9 | 5.3 | 0.2998 | 2021-06-08 |
| CVE-2021-31159 | 2.5 | 5.3 | 0.2429 | 2021-06-16 |
| CVE-2018-17961 | 2.4 | 8.6 | 0.1133 | 2018-10-15 |
| CVE-2020-15478 | 2.4 | 7.5 | 0.1471 | 2020-07-01 |
| CVE-2017-7945 | 2.0 | 9.8 | 0.0044 | 2017-04-29 |
| CVE-2017-7551 | 2.0 | 9.8 | 0.0026 | 2017-08-16 |
| CVE-2018-11325 | 2.0 | 9.8 | 0.0003 | 2018-05-22 |
| CVE-2018-14925 | 2.0 | 9.8 | 0.0041 | 2018-08-03 |
| CVE-2019-7612 | 2.0 | 9.8 | 0.0045 | 2019-03-25 |
| CVE-2019-7644 | 2.0 | 9.8 | 0.0052 | 2019-04-11 |
| CVE-2022-0660 | 2.0 | 7.5 | 0.0750 | 2022-02-18 |
| CVE-2021-42777 | 2.0 | 9.8 | 0.0045 | 2022-10-29 |
| CVE-2023-40757 | 2.0 | 9.8 | 0.0010 | 2023-08-28 |
| CVE-2023-40758 | 2.0 | 9.8 | 0.0010 | 2023-08-28 |
| CVE-2023-40759 | 2.0 | 9.8 | 0.0010 | 2023-08-28 |