CWE · MITRE source
CWE-312: Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (7) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-12 | Cryptographic Key Establishment and Management | SC | Key-management policy requires protected storage of key material, preventing cleartext storage of sensitive cryptographic keys. |
| SC-28 | Protection of Information at Rest | SC | Requiring confidentiality protection for information at rest eliminates cleartext storage of sensitive data on persistent media. |
| SC-38 | Operations Security | SC | Reduces cleartext storage of sensitive data when OPSEC identifies and mandates protection of key information artifacts. |
| CM-13 | Data Action Mapping | CM | Data action mapping can detect storage actions that leave sensitive information in cleartext. |
| CM-6 | Configuration Settings | CM | Configuration policies can mandate secure storage methods to avoid cleartext storage of sensitive information. |
| AT-3 | Role-based Training | AT | Training on secure data handling discourages cleartext storage of sensitive information. |
| MP-1 | Policy and Procedures | MP | Policy requires protection measures such as encryption for sensitive data stored on media, preventing cleartext exposure. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2022-26148 | 7.2 | 9.8 | 0.8722 | 2022-03-21 |
| CVE-2020-27986 | 7.1 | 7.5 | 0.9257 | 2020-10-28 |
| CVE-2021-36782 | 6.8 | 9.9 | 0.7961 | 2022-09-07 |
| CVE-2020-5723 | 5.1 | 9.8 | 0.5179 | 2020-03-30 |
| CVE-2023-50719 | 4.6 | 7.5 | 0.5112 | 2023-12-15 |
| CVE-2011-4723 KEV | 4.0 | 5.7 | 0.1405 | 2011-12-20 |
| CVE-2025-22896 | 3.7 | 8.6 | 0.3324 | 2025-02-13 |
| CVE-2023-24055 | 3.6 | 5.5 | 0.4144 | 2023-01-22 |
| CVE-2021-28937 | 3.5 | 7.5 | 0.3383 | 2021-03-29 |
| CVE-2018-8947 | 2.5 | 7.5 | 0.1617 | 2018-03-25 |
| CVE-2020-24577 | 2.5 | 7.5 | 0.1676 | 2021-01-08 |
| CVE-2024-9466 | 2.5 | 6.5 | 0.2012 | 2024-10-09 |
| CVE-2019-0285 | 2.4 | 9.8 | 0.0728 | 2019-04-10 |
| CVE-2013-2680 | 2.4 | 7.5 | 0.1567 | 2020-02-05 |
| CVE-2001-1481 | 2.1 | 9.8 | 0.0170 | 2001-12-31 |
| CVE-2008-0174 | 2.1 | 9.8 | 0.0267 | 2008-01-29 |
| CVE-2021-31581 | 2.1 | 7.9 | 0.0924 | 2021-07-22 |
| CVE-2024-3742 | 2.1 | 7.5 | 0.0942 | 2024-04-18 |
| CVE-2017-5249 | 2.0 | 9.8 | 0.0018 | 2018-02-22 |
| CVE-2017-5250 | 2.0 | 9.8 | 0.0015 | 2018-02-22 |
| CVE-2018-18394 | 2.0 | 9.8 | 0.0015 | 2018-10-19 |
| CVE-2018-18641 | 2.0 | 9.8 | 0.0006 | 2018-12-04 |
| CVE-2014-5433 | 2.0 | 9.8 | 0.0019 | 2019-03-26 |
| CVE-2019-11384 | 2.0 | 9.8 | 0.0016 | 2019-04-22 |
| CVE-2019-9823 | 2.0 | 9.8 | 0.0000 | 2019-07-03 |