Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

CVEs (321)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-41781 1Ibm 1Powervm Hypervisor Aug 15, 2025 Nov 22, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker g...Show more IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.Show less
CVE-2024-52033 - - Nov 21, 2024 Nov 20, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may...Show more Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.Show less
CVE-2024-37070 1Ibm 1Concert Jul 18, 2025 Nov 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
CVE-2024-52582 - - Nov 19, 2024 Nov 19, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exc...Show more Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.Show less
CVE-2021-1234 1Cisco 1Catalyst Sd Wan Manager Aug 4, 2025 Nov 18, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulner...Show more A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Show less
CVE-2024-36509 1Fortinet 1Fortiweb Nov 14, 2024 Nov 12, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23...Show more An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.Show less
CVE-2024-47799 - - Nov 12, 2024 Nov 12, 2024 N/A· v4 3.5 LOW· v3 N/A· v2 Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticate...Show more Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi.Show less
CVE-2024-50528 1Stacksmarket 1Stacks Mobile App Builder Apr 23, 2026 Nov 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mob...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.Show less
CVE-2024-50425 - - Apr 23, 2026 Oct 29, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Murg WP Booking System wp-booking-system.This issue affects WP Booking System: from n/a through <= 2.0.19.10.
CVE-2024-48024 - - Apr 23, 2026 Oct 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily:...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through <= 2.1.3.Show less
CVE-2024-49252 - - Apr 23, 2026 Oct 16, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka.This issue affects Leyka: from n/a through <= 3.31.6.
CVE-2024-9470 - - Oct 10, 2024 Oct 9, 2024 5.3 MEDIUM· v4 N/A· v3 N/A· v2 A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
CVE-2024-6389 1Gitlab 1Gitlab Nov 21, 2024 Sep 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the relea...Show more An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.Show less
CVE-2024-8687 1Paloaltonetworks 3Globalprotect Pan OsPrisma Access Oct 3, 2024 Sep 11, 2024 6.9 MEDIUM· v4 7.1 HIGH· v3 N/A· v2 An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconn...Show more An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.Show less
CVE-2023-42010 1Ibm 1Sterling B2b Integrator Nov 21, 2024 Jul 17, 2024 N/A· v4 3.7 LOW· v3 N/A· v2 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.
CVE-2024-39740 1Ibm 2Datacap Datacap Navigator Nov 21, 2024 Jul 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009...Show more IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.Show less
CVE-2024-39675 - - Nov 21, 2024 Jul 9, 2024 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM...Show more A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.Show less
CVE-2024-31223 1Ethyca 1Fides Sep 4, 2025 Jul 3, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend....Show more Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available.Show less
CVE-2024-5735 1Admiror Design Studio 1Admirorframes Nov 21, 2024 Jun 28, 2024 6.3 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
CVE-2024-6388 1Canonical 1Ubuntu Advantage Desktop Daemon Aug 27, 2025 Jun 27, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Previous 1...131415 16 17 Next