CWE-497

321 CVEs • Abstraction: Base

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.


CVEs (321)

Listed newest first. Each entry gives vendor, product(s), last-updated date, published date and CVSS v4 / v3 / v2 scores, followed by the CVE description.
Vendor: Mongodb · Product: Ops Manager Server · Updated: Feb 25, 2026 · Published: Jun 9, 2023 · CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12.
Vendor: Knime · Product: Business Hub · Updated: Nov 21, 2024 · Published: Jun 7, 2023 · CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.
Vendor: Canonical · Product: Landscape · Updated: Nov 21, 2024 · Published: Jun 6, 2023 · CVSS: v4 N/A · v3 8.2 HIGH · v2 N/A

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
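The Landscape entry describes a server-status page that lists in-flight requests, including their GET parameters. Added illustration, not from the Canonical advisory or from Landscape's own configuration: assuming the page is Apache httpd's mod_status (Landscape's web frontend runs behind Apache, but the entry does not say which configuration was exposed), the weak form of the handler configuration beside a hardened one. The `10.0.0.0/8` admin prefix is a placeholder. The security-relevant detail is `ExtendedStatus`: when it is on, the page prints the request line of every active request, which is exactly how query strings aimed at an API end up readable by anyone who can reach the page.

```apache
# WEAK (assumed shape of the exposure): the status handler is reachable by
# anyone, and ExtendedStatus On makes it list each active request line,
# e.g. "GET /api/...?token=..." as seen by the server.
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>
ExtendedStatus On

# HARDENED: only loopback and an admin network may read it, and per-request
# detail is off so even an authorised reader sees counters, not request lines.
# (Use one of the two <Location> blocks, not both; they are shown together
# for comparison.)
<Location "/server-status">
    SetHandler server-status
    Require local
    Require ip 10.0.0.0/8
</Location>
ExtendedStatus Off
```

A quick check after deploying is to request `/server-status` from an address outside the allowed set and confirm a 403, then from the allowed set and confirm that no request URLs appear in the output; if the application needs ExtendedStatus for monitoring, it should be scraped over loopback only.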
Vendor: Paloaltonetworks · Product: Pan Os · Updated: Nov 21, 2024 · Published: Apr 12, 2023 · CVSS: v4 N/A · v3 4.9 MEDIUM · v2 N/A

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Vendor: Dell · Products: Alienware Update, Command Update, Update · Updated: Nov 21, 2024 · Published: Feb 1, 2023 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 N/A

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the download operation component. A local malicious user could potentially exploit this vulnerability, leading to the disclosure of confidential data.
Vendor: Ibm · Products: Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak · Updated: Nov 21, 2024 · Published: Nov 3, 2022 · CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information to an unauthorized control sphere, which could aid in further attacks against the system. IBM X-Force ID: 234292.
Vendor: Redhat · Product: Openshift · Updated: Nov 21, 2024 · Published: Sep 1, 2022 · CVSS: v4 N/A · v3 6.5 MEDIUM · v2 N/A

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
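The MongoDB Ops Manager entry above (a diagnostics archive that fails to redact a PEM key-file password setting) and this OpenShift entry (a private key stored in a ConfigMap that every authenticated user can read) are the same failure seen from two sides: secret material copied into an artifact whose readers are not the secret's control sphere. Added example, not code from MongoDB, Red Hat or any project listed on this page: a Python redactor for support bundles and settings dumps, plus a ConfigMap audit built on it. The sample settings and ConfigMap are constructed for this example; the `mms.https.PEMKeyFilePassword` key and the `tls.key` entry name are assumptions chosen to resemble the two entries, not values taken from the advisories.

```python
import json
import re
from typing import Any

REDACTED = "<redacted>"

# Key names that usually hold credentials. Assumed starting list; extend it for your stack.
SENSITIVE_KEY_RE = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key|passphrase)",
    re.IGNORECASE,
)
# Any PEM private-key block (RSA, EC, PKCS#8 "PRIVATE KEY", OpenSSH, encrypted variants).
PEM_PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
    re.DOTALL,
)
# Credentials embedded in a URL or connection string: scheme://user:password@host
URL_CREDENTIAL_RE = re.compile(r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)([^:/@\s]+):([^@\s]+)@")


def scrub_string(value: str) -> tuple[str, bool]:
    """Redact PEM private keys and URL-embedded passwords inside one string value.

    Returns the cleaned string and whether anything was changed. The username
    in a URL is kept so the connection target stays diagnosable.
    """
    cleaned = PEM_PRIVATE_KEY_RE.sub(REDACTED, value)
    cleaned = URL_CREDENTIAL_RE.sub(rf"\g<scheme>\g<2>:{REDACTED}@", cleaned)
    return cleaned, cleaned != value


def redact(obj: Any, path: str = "") -> tuple[Any, list[str]]:
    """Return a redacted deep copy of obj and the paths of every value that was redacted.

    A sensitive key name has its whole value replaced, whatever its type; every
    other string value is scanned for key material and URL passwords, so a
    private key filed under a neutral name is still caught.
    """
    findings: list[str] = []
    if isinstance(obj, dict):
        out: dict = {}
        for key, value in obj.items():
            child = f"{path}.{key}" if path else str(key)
            if SENSITIVE_KEY_RE.search(str(key)):
                out[key] = REDACTED
                findings.append(child)
            else:
                out[key], sub = redact(value, child)
                findings.extend(sub)
        return out, findings
    if isinstance(obj, list):
        items = []
        for i, value in enumerate(obj):
            item, sub = redact(value, f"{path}[{i}]")
            items.append(item)
            findings.extend(sub)
        return items, findings
    if isinstance(obj, str):
        cleaned, changed = scrub_string(obj)
        if changed:
            findings.append(path)
        return cleaned, findings
    return obj, findings


def audit_configmap(configmap: dict) -> list[str]:
    """Flag ConfigMap data entries that carry private keys or credentials.

    ConfigMaps are readable by anyone allowed to 'get' them in the namespace,
    so anything reported here belongs in a Secret (or nowhere at all).
    """
    _, findings = redact(configmap.get("data", {}), "data")
    meta = configmap.get("metadata", {})
    where = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
    return [f"{where}: {f}" for f in findings]


# Constructed sample resembling app settings copied into a diagnostics archive.
# The key names are assumptions, not the vendor's documented settings.
APP_SETTINGS = {
    "mms.https.PEMKeyFile": "/etc/mongodb-mms/server.pem",
    "mms.https.PEMKeyFilePassword": "hunter2",
    "mms.centralUrl": "https://opsmanager.example.internal:8443",
    "mongo.mongoUri": "mongodb://appuser:s3cr3t@db.example.internal:27017/?authSource=admin",
}

# Constructed sample ConfigMap with a private key filed next to a CA bundle
# (the entry name "tls.key" is an assumption for illustration).
CONFIGMAP = {
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "oauth-serving-cert", "namespace": "openshift-config-managed"},
    "data": {
        "ca-bundle.crt": "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n",
        "tls.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n",
    },
}

if __name__ == "__main__":
    cleaned, found = redact(APP_SETTINGS)
    print(json.dumps(cleaned, indent=2))
    print("redacted settings:", found)
    print("configmap findings:", audit_configmap(CONFIGMAP))
```

Redaction by key name is deliberately coarse (`PEMKeyFile` stays because it is a path, `PEMKeyFilePassword` goes), and the value scan catches what key names miss, such as the password inside the connection URI. For a cluster-wide check, feed each element of `.items[]` from `kubectl get configmaps -A -o json` to `audit_configmap` before and after upgrades.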
Vendor: Redhat · Product: Advanced Cluster Security · Updated: Nov 21, 2024 · Published: Sep 1, 2022 · CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Vendor: Cisco · Products: Email Security Appliance, Secure Email And Web Manager · Updated: Nov 21, 2024 · Published: Jun 15, 2022 · CVSS: v4 N/A · v3 7.7 HIGH · v2 3.5 LOW

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.
Vendor: Cisco · Product: Catalyst Sd Wan Manager · Updated: Nov 21, 2024 · Published: May 4, 2022 · CVSS: v4 N/A · v3 4.4 MEDIUM · v2 4.9 MEDIUM

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Vendor: Jetbrains · Product: Intellij Idea · Updated: Nov 21, 2024 · Published: Apr 5, 2022 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 2.1 LOW

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields.
Vendor: Juniper · Products: Junos, Junos Os Evolved · Updated: Nov 21, 2024 · Published: Jul 15, 2021 · CVSS: v4 N/A · v3 6.5 MEDIUM · v2 6.4 MEDIUM

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.
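The entry's own mitigation is that agentx on TCP port 705 must not be reachable from outside the internal routing instance. As an added illustration, not Juniper's published workaround, a Junos firewall filter of the kind applied as an input filter on lo0 to enforce that on the Routing Engine regardless of whether the fixed release is installed. The filter and term names are chosen here, and `10.0.0.0/8` is a placeholder for whatever internal or management prefixes genuinely need to reach agentx; an existing RE-protection filter would have its other terms in place of `allow-rest`.

```junos
firewall {
    family inet {
        filter protect-re {
            /* agentx (the SNMP subagent transport) may only be reached from
               internal sources; 10.0.0.0/8 is a placeholder for those prefixes */
            term agentx-internal {
                from {
                    source-address {
                        10.0.0.0/8;
                    }
                    protocol tcp;
                    destination-port 705;
                }
                then accept;
            }
            /* anything else aimed at port 705 on the RE is counted, logged and dropped */
            term agentx-external {
                from {
                    protocol tcp;
                    destination-port 705;
                }
                then {
                    count agentx-external;
                    syslog;
                    discard;
                }
            }
            /* the rest of an RE-protection filter goes here; final accept shown for brevity */
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

After commit, `show firewall filter protect-re` exposes the `agentx-external` counter, so a non-zero value is direct evidence that something outside the allowed prefixes was probing port 705; the `syslog` action records the offending source addresses.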
Vendor: Microsoft · Products: Windows 10 1809, Windows 10 1909, Windows 10 2004, +5 more · Updated: Oct 30, 2025 · Published: Jun 8, 2021 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 2.1 LOW

Windows Kernel Information Disclosure Vulnerability
Vendor: Cisco · Product: Webex Meetings · Updated: Nov 21, 2024 · Published: Jun 4, 2021 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 2.1 LOW

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions.
Vendor: Argoproj · Product: Argo Cd · Updated: Nov 21, 2024 · Published: May 12, 2021 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 2.1 LOW

An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to leak into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7 and 1.7 versions prior to 1.7.14.
Vendor: Cisco · Product: Sd Wan Vmanage · Updated: Nov 21, 2024 · Published: May 6, 2021 · CVSS: v4 N/A · v3 5.3 MEDIUM · v2 5.0 MEDIUM

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.
Vendor: Juniper · Product: Junos · Updated: Nov 21, 2024 · Published: Apr 22, 2021 · CVSS: v4 N/A · v3 7.3 HIGH · v2 7.5 HIGH

An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS allows an unauthenticated attacker to perform SNMP read actions (an Exposure of System Data to an Unauthorized Control Sphere), or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.
Vendor: Cisco · Product: Sd Wan Vmanage · Updated: Nov 21, 2024 · Published: Jan 20, 2021 · CVSS: v4 N/A · v3 5.5 MEDIUM · v2 4.9 MEDIUM

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
Vendor: Gehealthcare · Products: 1.5t Brivo Mr355 Firmware, 3.0t Signa Hd 16 Firmware, 3.0t Signa Hd 23 Firmware, +108 more · Updated: Nov 21, 2024 · Published: Dec 14, 2020 · CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Vendor: Cisco · Product: Iot Field Network Director · Updated: Nov 21, 2024 · Published: Nov 18, 2020 · CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.