CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-8C62-M5JV-V339
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-32751"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-22T15:16:25Z",
"severity": "MODERATE"
},
"details": "Dell PowerFlex Manager, version(s) \u003c=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.",
"id": "GHSA-8c62-m5jv-v339",
"modified": "2026-05-26T13:30:17Z",
"published": "2026-05-26T13:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32751"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8F46-HH28-CQ8H
Vulnerability from github – Published: 2024-06-07 15:30 – Updated: 2024-11-05 15:30Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.
{
"affected": [],
"aliases": [
"CVE-2024-36788"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-07T15:15:50Z",
"severity": "MODERATE"
},
"details": "Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.",
"id": "GHSA-8f46-hh28-cq8h",
"modified": "2024-11-05T15:30:33Z",
"published": "2024-06-07T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36788"
},
{
"type": "WEB",
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8G27-WPJG-5VV9
Vulnerability from github – Published: 2024-01-23 03:31 – Updated: 2026-04-02 21:31A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.
{
"affected": [],
"aliases": [
"CVE-2024-23217"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T01:15:11Z",
"severity": "LOW"
},
"details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.",
"id": "GHSA-8g27-wpjg-5vv9",
"modified": "2026-04-02T21:31:35Z",
"published": "2024-01-23T03:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23217"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120304"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120306"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120309"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214059"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214060"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214061"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214059"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214061"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214085"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/36"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/39"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8GGQ-3HM2-4VC4
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:04In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728
{
"affected": [],
"aliases": [
"CVE-2019-9253"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728",
"id": "GHSA-8ggq-3hm2-4vc4",
"modified": "2024-04-04T02:04:46Z",
"published": "2022-05-24T16:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9253"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8J44-9FWW-XJ8C
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
{
"affected": [],
"aliases": [
"CVE-2021-28653"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-19T00:15:00Z",
"severity": "MODERATE"
},
"details": "The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.",
"id": "GHSA-8j44-9fww-xj8c",
"modified": "2022-05-24T17:44:57Z",
"published": "2022-05-24T17:44:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28653"
},
{
"type": "WEB",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-21003-armorLock-insecure-key-storage-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8MXW-GWCH-F49P
Vulnerability from github – Published: 2022-11-14 19:00 – Updated: 2022-11-17 03:30IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
{
"affected": [],
"aliases": [
"CVE-2022-34312"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-14T18:15:00Z",
"severity": "LOW"
},
"details": "IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.",
"id": "GHSA-8mxw-gwch-f49p",
"modified": "2022-11-17T03:30:51Z",
"published": "2022-11-14T19:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34312"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229447"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6833150"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6833156"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8P2W-38P2-R2JF
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
{
"affected": [],
"aliases": [
"CVE-2021-20396"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T15:15:00Z",
"severity": "LOW"
},
"details": "IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.",
"id": "GHSA-8p2w-38p2-r2jf",
"modified": "2022-05-24T19:05:11Z",
"published": "2022-05-24T19:05:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20396"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196009"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6462585"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8PWC-Q3G2-WHVM
Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:51The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data
{
"affected": [],
"aliases": [
"CVE-2023-27942"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-08T20:15:17Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data",
"id": "GHSA-8pwc-q3g2-whvm",
"modified": "2024-04-04T03:51:47Z",
"published": "2023-05-08T21:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27942"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213674"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213676"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213677"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213678"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213675"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8QCH-QWG3-VF6M
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-07-13 00:01System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
{
"affected": [],
"aliases": [
"CVE-2021-27004"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-01T13:15:00Z",
"severity": "MODERATE"
},
"details": "System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.",
"id": "GHSA-8qch-qwg3-vf6m",
"modified": "2022-07-13T00:01:12Z",
"published": "2022-05-24T19:19:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/NTAP-20211029-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8QPV-G9XR-QM6V
Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.
{
"affected": [],
"aliases": [
"CVE-2024-37144"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T03:15:05Z",
"severity": "HIGH"
},
"details": "Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.",
"id": "GHSA-8qpv-g9xr-qm6v",
"modified": "2024-12-10T03:31:45Z",
"published": "2024-12-10T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37144"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.