IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179.
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.
After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.
A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014.
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search UI component with the `async` flag set to true (default: true); auser types types into the Search Component which creates a request to the third-party for search or query results; and that third-party response may then fail validation and Sentry would return the `select-requester.invalid-response` error code along with a serialized version of a Sentry application containing the integration Client Secret. Should this error be found, it's reasonable to assume the potential exposure of an integration Client Secret. However, an ID and Secret pair alone does not provide direct access to any data. For that secret to be abused an attacker would also need to obtain a valid API token for a Sentry application. Sentry SaaS users do not need to take any action. For Sentry SaaS users, only a single application integration was impacted and the owner has rotated their Client Secret. No abuse of the leaked Client Secret has occurred. As of time of publication, a fix is available for users of Sentry self-hosted in pull request 81038. Sentry self-hosted does not ship with any application integrations. This could only impact self-hosted users that maintain their own integrations. In that case, search for a `select-requester.invalid-response` event. Please note that this error was also shared with another event unrelated to this advisory so Sentry self-hosted users will also need to review the parameters logged for each named event. Sentry self-hosted users may review `select_requester.py` for the instances where these errors can be generated. With the security fix this is no longer a shared event type. Sentry self-hosted users may not install version 24.11.0 and instead wait for the next release. Self-hosted instance that are already running the affected version may consider downgrading to to 24.10.0.
Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.
Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4.
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2.
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.