Cyber Resilience

CWE-117: Improper Output Neutralization for Logs

Abstraction: Base · CVEs in our corpus: 101

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 6 mapping(s) from 3 framework(s): CAPEC 3 (partial) · OWASP-Web 2 (mostly) · ATT&CK 1 (partial)

OWASP Top 10 for Web (2025)

This weakness contributes to A09:2025 Security Logging and Alerting Failures.

NIST 800-53 r5 controls that address this weakness (2) AI

Control | Title | Family | Why it addresses this CWE
AU-1 | Policy and Procedures | AU | Policy and procedures require sanitization and neutralization when generating audit logs to avoid injection issues.
SI-15 | Information Output Filtering | SI | Requiring output to conform to expected content prevents unneutralized data from reaching logs.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2023-46321 | 7.0 | 9.8 | 0.0066 | 2023-10-23
CVE-2023-46322 | 7.0 | 9.8 | 0.0066 | 2023-10-23
CVE-2024-0095 | 7.0 | 9.0 | 0.0054 | 2024-06-13
CVE-2026-25548 | 7.0 | 9.1 | 0.0077 | 2026-02-18
CVE-2019-14846 | 5.5 | 7.8 | 0.0051 | 2019-10-08
CVE-2020-25646 | 5.5 | 7.5 | 0.0138 | 2020-10-29
CVE-2022-22151 | 5.5 | 8.1 | 0.0077 | 2022-03-11
CVE-2023-32712 | 5.5 | 8.6 | 0.0034 | 2023-06-01
CVE-2023-3997 | 5.5 | 8.6 | 0.0028 | 2023-07-31
CVE-2023-4571 | 5.5 | 8.6 | 0.0023 | 2023-08-30
CVE-2024-29022 | 5.5 | 8.8 | 0.0070 | 2024-04-12
CVE-2024-32474 | 5.5 | 7.3 | 0.0043 | 2024-04-18
CVE-2024-25047 | 5.5 | 8.6 | 0.0064 | 2024-05-02
CVE-2024-47083 | 5.5 | 7.5 | 0.0155 | 2024-09-25
CVE-2025-27111 | 5.5 | 7.5 | 0.0070 | 2025-03-04
CVE-2024-9606 | 5.5 | 7.5 | 0.0071 | 2025-03-20
CVE-2025-54813 (UPD) | 5.5 | 7.5 | 0.0121 | 2025-08-22
CVE-2025-57564 | 5.5 | 8.2 | 0.0035 | 2025-10-07
CVE-2025-59784 | 5.5 | 7.2 | 0.0029 | 2026-03-04
CVE-2026-24308 (UPD) | 5.5 | 7.5 | 0.0115 | 2026-03-07
CVE-2026-34478 | 5.5 | 7.5 | 0.0083 | 2026-04-10
CVE-2026-45565 | 5.5 | 8.1 | 0.0030 | 2026-06-10
CVE-2018-10932 | 3.5 | 4.3 | 0.0104 | 2018-08-21
CVE-2019-14858 | 3.5 | 5.5 | 0.0043 | 2019-10-14
CVE-2019-10213 | 3.5 | 6.5 | 0.0099 | 2019-11-25