CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (213)
page 4 of 11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4605 | Med | 0.42 | 6.5 | 0.00 | Apr 5, 2024 | A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. | ||
| CVE-2026-9307 | Med | 0.41 | — | 0.00 | Jun 16, 2026 | A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can… | ||
| CVE-2025-27403 | Hig | 0.40 | — | 0.00 | Mar 11, 2025 | Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to… | ||
| CVE-2025-4229 | Med | 0.39 | — | 0.00 | Jun 13, 2025 | An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the… | ||
| CVE-2025-0059 | Med | 0.39 | 6.0 | 0.00 | Jan 14, 2025 | Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able… | ||
| CVE-2025-0056 | Med | 0.39 | 6.0 | 0.00 | Jan 14, 2025 | SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the… | ||
| CVE-2025-0055 | Med | 0.39 | 6.0 | 0.00 | Jan 14, 2025 | SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the… | ||
| CVE-2022-50237 | Med | 0.38 | 5.9 | 0.00 | Jul 28, 2025 | The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key. | ||
| CVE-2024-52321 | — | Med | 0.38 | 5.9 | 0.01 | Dec 23, 2024 | Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | |
| CVE-2025-46747 | — | Med | 0.37 | 5.7 | 0.00 | May 12, 2025 | An authenticated user without user-management permissions could identify other user accounts. | |
| CVE-2026-0466 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service. | ||
| CVE-2025-49419 | Med | 0.36 | 5.5 | 0.00 | Jun 6, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3. | ||
| CVE-2025-30170 | Med | 0.36 | 5.5 | 0.00 | May 22, 2025 | Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX… | ||
| CVE-2024-11029 | Med | 0.36 | 5.5 | 0.00 | Jan 15, 2025 | A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal… | ||
| CVE-2024-22037 | Med | 0.36 | 5.5 | 0.00 | Nov 28, 2024 | The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. | ||
| CVE-2025-32251 | Med | 0.35 | 5.3 | 0.00 | Apr 4, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data.This issue affects Jetpack Feedback Exporter: from n/a through <= 1.23. | ||
| CVE-2025-31832 | Med | 0.35 | 5.3 | 0.00 | Apr 1, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through <= 1.17.0. | ||
| CVE-2024-1809 | Med | 0.35 | 5.4 | 0.00 | May 2, 2024 | The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including,… | ||
| CVE-2026-49077 | Med | 0.34 | 5.3 | 0.00 | Jun 4, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2. | ||
| CVE-2026-25468 | Med | 0.34 | 5.3 | 0.00 | May 7, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8. |
- risk 0.42cvss 6.5epss 0.00
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.
- risk 0.41cvss —epss 0.00
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can…
- risk 0.40cvss —epss 0.00
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to…
- risk 0.39cvss —epss 0.00
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the…
- risk 0.39cvss 6.0epss 0.00
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able…
- risk 0.39cvss 6.0epss 0.00
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the…
- risk 0.39cvss 6.0epss 0.00
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the…
- risk 0.38cvss 5.9epss 0.00
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.
- risk 0.38cvss 5.9epss 0.01
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker.
- risk 0.37cvss 5.7epss 0.00
An authenticated user without user-management permissions could identify other user accounts.
- risk 0.36cvss 5.5epss 0.00
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
- risk 0.36cvss 5.5epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3.
- risk 0.36cvss 5.5epss 0.00
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX…
- risk 0.36cvss 5.5epss 0.00
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal…
- risk 0.36cvss 5.5epss 0.00
The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data.This issue affects Jetpack Feedback Exporter: from n/a through <= 1.23.
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through <= 1.17.0.
- risk 0.35cvss 5.4epss 0.00
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including,…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.