CVEbaza.plSłownik CWECWE-210
Common Weakness Enumeration

CWE-210

Self-generated Error Message Containing Sensitive Information

Kategoria: BaseCVE: 3
Opis

Produkt identyfikuje warunek błędu i tworzy własne wiadomości diagnostyczne lub błędów zawierające informacje poufne. Narażone informacje mogą być wykorzystane przez atakujących do uzyskania dostępu do systemu lub jego obejścia.

Description (EN)

The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

Podatności CVE z CWE-210 (3)
8.0
CVSS
HIGH
CVE-2023-41027

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

pub. 2023-09-22
4.3
CVSS
MEDIUM
CVE-2021-40126

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.

pub. 2021-11-04
4.3
CVSS
MEDIUM
CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

pub. 2020-09-11
Informacje
ID: CWE-210
Typ: Base
Podatności: 3
MITRE CWE ↗
← Słownik CWE
CWE-210 — Samoistnie Generowana Wiadomość Błędu Zawierająca Informacje Poufne | Słownik CWE | CVEbaza.pl