Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-5213

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Dec, 2014 | 18:00
Updated At-06 Aug, 2024 | 11:41
Rejected At-
Credits

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Dec, 2014 | 18:00
Updated At:06 Aug, 2024 | 11:41
Rejected At:
▼CVE Numbering Authority (CNA)

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/534284
mailing-list
x_refsource_BUGTRAQ
http://www.securitytracker.com/id/1031408
vdb-entry
x_refsource_SECTRACK
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
x_refsource_MISC
https://www.novell.com/support/kb/doc.php?id=3426981
x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=904135
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/534284
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securitytracker.com/id/1031408
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
Resource:
x_refsource_MISC
Hyperlink: https://www.novell.com/support/kb/doc.php?id=3426981
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.novell.com/show_bug.cgi?id=904135
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/534284
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securitytracker.com/id/1031408
vdb-entry
x_refsource_SECTRACK
x_transferred
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
x_refsource_MISC
x_transferred
https://www.novell.com/support/kb/doc.php?id=3426981
x_refsource_CONFIRM
x_transferred
https://bugzilla.novell.com/show_bug.cgi?id=904135
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/534284
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securitytracker.com/id/1031408
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.novell.com/support/kb/doc.php?id=3426981
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.novell.com/show_bug.cgi?id=904135
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Dec, 2014 | 18:59
Updated At:12 Apr, 2025 | 10:46

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Novell
novell
>>edirectory>>Versions up to 8.8(inclusive)
cpe:2.3:a:novell:edirectory:*:sp8:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/archive/1/534284cve@mitre.org
N/A
http://www.securitytracker.com/id/1031408cve@mitre.org
N/A
https://bugzilla.novell.com/show_bug.cgi?id=904135cve@mitre.org
N/A
https://www.novell.com/support/kb/doc.php?id=3426981cve@mitre.org
Vendor Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txtcve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/534284af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1031408af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.novell.com/show_bug.cgi?id=904135af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.novell.com/support/kb/doc.php?id=3426981af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/534284
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031408
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.novell.com/show_bug.cgi?id=904135
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.novell.com/support/kb/doc.php?id=3426981
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/534284
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031408
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.novell.com/show_bug.cgi?id=904135
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.novell.com/support/kb/doc.php?id=3426981
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

944Records found
CVE-2015-0517
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4||MEDIUM
EPSS-0.22% / 43.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_d2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0673
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.36% / 57.56%
||
7 Day CHG~0.00%
Published-26 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mobility_services_enginen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0174
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.17% / 37.53%
||
7 Day CHG~0.00%
Published-26 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4901
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.27%
||
7 Day CHG-0.01%
Published-06 Nov, 2019 | 16:49
Updated-07 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4014
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.16% / 37.21%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_control_system_softwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9354
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-06 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-oncommand_balancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloud_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.22% / 44.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.

Action-Not Available
Vendor-bad_behavior_projectn/a
Product-bad_behaviorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9691
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-tecal_rh5885h_v3tecal_dh620_v2tecal_ch242_v3tecal_xh320_v2tecal_rh2288h_v2_firmwaretecal_dh628_v2_firmwaretecal_dh320_v2tecal_bh640_v2_firmwaretecal_ch242_firmwaretecal_rh2288h_v2tecal_dh320_v2_firmwaretecal_ch221tecal_ch221_firmwaretecal_rh5885_v3_firmwaretecal_xh311_v2tecal_rh2265_v2_firmwaretecal_rh5885_v2tecal_bh621_v2_firmwaretecal_ch242tecal_xh310_v2tecal_dh621_v2_firmwaretecal_xh621_v2tecal_rh2265_v2tecal_rh2285h_v2_firmwaretecal_ch140tecal_rh1288_v2_firmwaretecal_bh622_v2tecal_dh310_v2_firmwaretecal_rh2288_v2_firmwaretecal_rh2268_v2_firmwaretecal_rh2268_v2tecal_ch240tecal_rh2285_v2_firmwaretecal_bh640_v2tecal_xh311_v2_firmwaretecal_ch220_firmwaretecal_bh620_v2_firmwaretecal_ch222_firmwaretecal_dh620_v2_firmwaretecal_dh628_v2tecal_xh320_v2_firmwaretecal_ch220tecal_ch222tecal_ch121_firmwaretecal_rh2288_v2tecal_xh310_v2_firmwaretecal_rh5885_v2_firmwaretecal_ch240_firmwaretecal_rh2285_v2tecal_bh621_v2tecal_rh2485_v2_firmwaretecal_rh5885h_v3_firmwaretecal_xh621_v2_firmwaretecal_ch140_firmwaretecal_ch121tecal_rh2285h_v2tecal_dh621_v2tecal_bh622_v2_firmwaretecal_dh310_v2tecal_bh620_v2tecal_rh2485_v2tecal_ch242_v3_firmwaretecal_rh5885_v3tecal_rh1288_v2Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Te ...[truncated*]
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6672
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-5.7||MEDIUM
EPSS-0.54% / 67.21%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity

Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.

Action-Not Available
Vendor-McAfee, LLC
Product-epolicy_orchestratorePolicy Orchestrator (ePO)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9577
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.

Action-Not Available
Vendor-vdgsecurityn/a
Product-vdg_sensen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9247
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-4||MEDIUM
EPSS-0.31% / 54.05%
||
7 Day CHG~0.00%
Published-15 Dec, 2014 | 17:27
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.

Action-Not Available
Vendor-zenossn/a
Product-zenoss_coren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7900
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hg8110h_firmwarehg8045qhg8010h_firmwarehg8240h_firmwarehg8045q_firmwarehg8040hhg8110hhg8242hhg8010hhg8040h_firmwarehg8242h_firmwarehg8240hsome HG products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.10% / 26.55%
||
7 Day CHG~0.00%
Published-19 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4817
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.33% / 55.10%
||
7 Day CHG~0.00%
Published-13 Mar, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.

Action-Not Available
Vendor-n/aIBM Corporation
Product-trivoli_service_request_managertivoli_asset_management_for_itmaximo_service_deskmaximo_asset_management_essentialsmaximo_asset_managementtivoli_change_and_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-24 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm.

Action-Not Available
Vendor-konyn/a
Product-enterprise_mobile_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.15% / 35.71%
||
7 Day CHG~0.00%
Published-01 Dec, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.

Action-Not Available
Vendor-filefield_projectn/a
Product-filefieldn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-01 Dec, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.

Action-Not Available
Vendor-notify_projectn/a
Product-notifyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 45.02%
||
7 Day CHG~0.00%
Published-08 Feb, 2020 | 16:36
Updated-06 Aug, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.

Action-Not Available
Vendor-open-schooln/a
Product-open-schooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-02 Dec, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.

Action-Not Available
Vendor-gleamtechn/a
Product-filevistan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-9.74% / 92.76%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.

Action-Not Available
Vendor-sendion/a
Product-sendion/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7195
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-21 Nov, 2014 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-silver_fabric_enablerspotfire_web_playerspotfire_deployment_kitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-airwatchn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7831
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.25% / 48.20%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7988
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-07 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4581
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-20 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7833
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7853
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.43% / 61.95%
||
7 Day CHG~0.00%
Published-13 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjboss_operations_networkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8112
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-10 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_serverfedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8032
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 42.87%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-6131
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 36.71%
||
7 Day CHG~0.00%
Published-18 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_doors_next_generationrational_collaborative_lifecycle_managementrational_team_concertrational_requirements_composerrational_quality_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31091
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 56.24%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 00:00
Updated-23 Apr, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

Action-Not Available
Vendor-guzzlephpguzzleDebian GNU/Linux
Product-debian_linuxguzzleguzzle
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31032
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.85%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 17:45
Updated-23 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resources of private projects can be exposed in Tuleap

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-6064
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-02 Sep, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-web_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-6138
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.16% / 36.77%
||
7 Day CHG~0.00%
Published-12 Dec, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliance_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31095
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.90%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 19:00
Updated-23 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discourse-chatdiscourse-chat
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2022-31046
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.42%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:40
Updated-23 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure via Export Module in TYPO3 CMS

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3typo3
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2014-5028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.97%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 18:00
Updated-06 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.

Action-Not Available
Vendor-reviewboardn/a
Product-review_boardn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-5130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 75.63%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token.

Action-Not Available
Vendor-avolvesoftwaren/a
Product-projectdoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4819
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.27% / 49.67%
||
7 Day CHG~0.00%
Published-18 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_message_brokerintegration_busn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3884
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.65%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-evolved_programmable_network_managerprime_infrastructureCisco Prime Infrastructure and Cisco Evolved Programmable Network Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4874
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-4||MEDIUM
EPSS-16.05% / 94.61%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

Action-Not Available
Vendor-bmcn/a
Product-track-it\!n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4761
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.23% / 45.13%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3667
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-16 Oct, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3829
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-4||MEDIUM
EPSS-36.12% / 96.99%
||
7 Day CHG~0.00%
Published-29 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

Action-Not Available
Vendor-sitrackern/a
Product-support_incident_trackern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8007
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-20 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3680
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.07% / 22.53%
||
7 Day CHG~0.00%
Published-16 Oct, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4031
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-15 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-9139
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 13:02
Updated-11 Sep, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scada-LTS WatchListDwr.init.dwr information disclosure

A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower."

Action-Not Available
Vendor-scada-ltsn/a
Product-scada-ltsScada-LTS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2014-3641
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.33% / 55.52%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Action-Not Available
Vendor-n/aOpenStack
Product-cindern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found