CWE · MITRE source
CWE-532: Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (9)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| AU-1 | Policy and Procedures | AU | Procedures mandate excluding sensitive data from logs to prevent unauthorized exposure via audit records. |
| AU-13 | Monitoring for Information Disclosure | AU | Identifies insertion of sensitive data into logs, allowing detection of unauthorized disclosure. |
| AU-16 | Cross-organizational Audit Logging | AU | Cross-organizational coordination enables agreement on what data to include in audit logs, directly reducing insertion of sensitive information. |
| CM-13 | Data Action Mapping | CM | Identifying logging as a data action allows prevention of sensitive information being inserted into log files. |
| IR-9 | Information Spillage Response | IR | The process of identifying and eradicating spilled information applies directly to sensitive data inserted into log files. |
| PT-7 | Specific Categories of Personally Identifiable Information | PT | Specific processing rules for sensitive PII categories commonly include restrictions on logging, making insertion of such data into log files less likely. |
| RA-8 | Privacy Impact Assessments | RA | PIAs detect planned or existing logging of PII and require removal or protection, preventing insertion of sensitive information into logs. |
| SC-38 | Operations Security | SC | Limits insertion of sensitive operational details into logs by treating such data as key information requiring protection. |
| SI-15 | Information Output Filtering | SI | Checking application output against expected content catches insertion of sensitive values into log streams or files. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2023-43261 | 7.1 | 7.5 | 0.9314 | 2023-10-04 |
| CVE-2020-35234 | 6.4 | 7.5 | 0.8146 | 2020-12-14 |
| CVE-2019-1622 | 6.1 | 5.3 | 0.8480 | 2019-06-27 |
| CVE-2024-20440 | 6.1 | 7.5 | 0.7726 | 2024-09-04 |
| CVE-2023-22649 | 4.4 | 8.4 | 0.4519 | 2024-10-16 |
| CVE-2025-14437 | 4.2 | 7.5 | 0.4537 | 2025-12-18 |
| CVE-2025-24984 KEV | 3.1 | 4.6 | 0.0283 | 2025-03-11 |
| CVE-2023-21492 KEV | 2.9 | 4.4 | 0.0032 | 2023-05-04 |
| CVE-2018-12604 | 2.8 | 7.5 | 0.2214 | 2018-06-20 |
| CVE-2024-52940 | 2.7 | 7.5 | 0.1996 | 2024-11-18 |
| CVE-2018-3609 | 2.6 | 8.1 | 0.1627 | 2018-02-16 |
| CVE-2018-11716 | 2.5 | 9.8 | 0.0905 | 2018-07-16 |
| CVE-2018-11717 | 2.5 | 9.8 | 0.0917 | 2018-07-16 |
| CVE-2024-9466 | 2.5 | 6.5 | 0.2012 | 2024-10-09 |
| CVE-2017-8075 | 2.1 | 9.8 | 0.0190 | 2017-04-23 |
| CVE-2017-6165 | 2.1 | 9.8 | 0.0195 | 2017-10-20 |
| CVE-2018-17922 | 2.1 | 9.8 | 0.0245 | 2018-11-02 |
| CVE-2016-8233 | 2.0 | 9.8 | 0.0040 | 2017-03-01 |
| CVE-2017-7214 | 2.0 | 9.8 | 0.0130 | 2017-03-21 |
| CVE-2017-8074 | 2.0 | 9.8 | 0.0135 | 2017-04-23 |
| CVE-2017-4955 | 2.0 | 9.8 | 0.0041 | 2017-06-13 |
| CVE-2017-9615 | 2.0 | 9.8 | 0.0028 | 2017-06-26 |
| CVE-2017-6709 | 2.0 | 9.8 | 0.0051 | 2017-07-06 |
| CVE-2017-15366 | 2.0 | 9.8 | 0.0028 | 2017-10-26 |
| CVE-2017-1000171 | 2.0 | 9.8 | 0.0033 | 2017-11-03 |