|
|
|
|
CWE CATEGORY: Audit / Logging Errors
|
Category ID: 1210
Vulnerability Mapping:
PROHIBITED
This CWE ID must not be used to map to real-world vulnerabilities
|
 Summary
Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities in order to identify undesired access and modifications to the system. The weaknesses in this category could lead to a degradation of the quality of the audit capability if they are not addressed.
Membership
| Nature |
Type |
ID |
Name |
| MemberOf |
 View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
699 |
Software Development
|
| HasMember |
 Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
117 |
Improper Output Neutralization for Logs
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
222 |
Truncation of Security-relevant Information
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
223 |
Omission of Security-relevant Information
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
224 |
Obscured Security-relevant Information by Alternate Name
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
778 |
Insufficient Logging
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
779 |
Logging of Excessive Data
|
Vulnerability Mapping Notes
|
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
|
|
Reason:
Category
|
|
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
|
|
Comments: See member weaknesses of this category.
|
More information is available — Please edit the custom filter or select a different filter.
|
