Category: SFP Secondary Cluster: Information Loss

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Information Loss cluster.

Membership
| ID | Name | Description |
|---|---|---|
| CWE-221 | Information Loss or Omission | This weakness occurs when an application fails to log critical security events or records them inaccurately, which can misguide security decisions and hinder incident investigation. |
| CWE-222 | Truncation of Security-relevant Information | This vulnerability occurs when a system shortens or cuts off security-critical data during display, logging, or processing. This truncation can hide the true details of an attack, making it harder to detect, investigate, and respond to threats. |
| CWE-223 | Omission of Security-relevant Information | This vulnerability occurs when an application fails to capture or present crucial security-related details, such as the origin of a request or the specifics of a security event. Without this information, developers and security teams cannot effectively trace attacks or validate whether an operation is legitimate. |
| CWE-224 | Obscured Security-relevant Information by Alternate Name | This vulnerability occurs when a system logs or reports security-critical events using a nickname or alias for a component, instead of its official, unique identifier. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.