CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-5FH6-8XC5-75VW
Vulnerability from github – Published: 2025-11-15 00:30 – Updated: 2025-11-15 00:30Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
{
"affected": [],
"aliases": [
"CVE-2022-4985"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-14T23:15:43Z",
"severity": "HIGH"
},
"details": "Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.",
"id": "GHSA-5fh6-8xc5-75vw",
"modified": "2025-11-15T00:30:26Z",
"published": "2025-11-15T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4985"
},
{
"type": "WEB",
"url": "https://cxsecurity.com/issue/WLB-2022010024"
},
{
"type": "WEB",
"url": "https://help.vodacom.co.za/personal/home/61/9493/1023659/Vodafone-H500s-WiFi-router"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/50636"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vodafone-h500s-wifi-password-disclosure-via-activation-json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5FVP-2CV7-MXFG
Vulnerability from github – Published: 2025-12-21 21:30 – Updated: 2026-04-01 18:36Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
{
"affected": [],
"aliases": [
"CVE-2025-62955"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-21T21:15:49Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.",
"id": "GHSA-5fvp-2cv7-mxfg",
"modified": "2026-04-01T18:36:23Z",
"published": "2025-12-21T21:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62955"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/current-template-name/vulnerability/wordpress-temptool-show-current-template-info-plugin-1-3-1-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/wordpress/plugin/current-template-name/vulnerability/wordpress-temptool-show-current-template-info-plugin-1-3-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5GVJ-R2G2-WV2X
Vulnerability from github – Published: 2026-06-12 21:31 – Updated: 2026-06-12 21:31Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.
This issue affects Hash Elements: from n/a through 1.5.4.
{
"affected": [],
"aliases": [
"CVE-2026-24618"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T21:16:21Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Hash Elements: from n/a through 1.5.4.",
"id": "GHSA-5gvj-r2g2-wv2x",
"modified": "2026-06-12T21:31:45Z",
"published": "2026-06-12T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24618"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/hash-elements/vulnerability/wordpress-hash-elements-plugin-1-5-4-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5JX5-2F25-63X5
Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-08-27 18:31Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file.
These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
{
"affected": [],
"aliases": [
"CVE-2025-4662"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T21:15:28Z",
"severity": "MODERATE"
},
"details": "Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file.\n\nThese audit logs are the local server VM\u2019s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.",
"id": "GHSA-5jx5-2f25-63x5",
"modified": "2025-08-27T18:31:50Z",
"published": "2025-07-10T21:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4662"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35908"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5M99-JM9Q-CFC4
Vulnerability from github – Published: 2026-02-04 21:30 – Updated: 2026-02-04 21:30IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.
{
"affected": [],
"aliases": [
"CVE-2025-27550"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T21:15:57Z",
"severity": "LOW"
},
"details": "IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.",
"id": "GHSA-5m99-jm9q-cfc4",
"modified": "2026-02-04T21:30:32Z",
"published": "2026-02-04T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27550"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7258083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6354-6HWJ-CJVQ
Vulnerability from github – Published: 2026-05-13 21:32 – Updated: 2026-07-13 15:31An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
{
"affected": [],
"aliases": [
"CVE-2026-0240"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T19:16:57Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.",
"id": "GHSA-6354-6hwj-cjvq",
"modified": "2026-07-13T15:31:33Z",
"published": "2026-05-13T21:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0240"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0240"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-6358-8VPH-JX32
Vulnerability from github – Published: 2025-06-13 06:30 – Updated: 2025-06-13 06:30An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-4229"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-13T06:15:22Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS\u00ae software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability.",
"id": "GHSA-6358-8vph-jx32",
"modified": "2025-06-13T06:30:26Z",
"published": "2025-06-13T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4229"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-4229"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:X/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-63WJ-8G85-55H4
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-09-18 18:30IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
{
"affected": [],
"aliases": [
"CVE-2025-36146"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:50Z",
"severity": "MODERATE"
},
"details": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.",
"id": "GHSA-63wj-8g85-55h4",
"modified": "2025-09-18T18:30:28Z",
"published": "2025-09-18T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36146"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7245384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-654C-35QV-MG5R
Vulnerability from github – Published: 2025-10-06 09:30 – Updated: 2025-10-06 09:30Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
{
"affected": [],
"aliases": [
"CVE-2025-58585"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T07:15:35Z",
"severity": "MODERATE"
},
"details": "Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.",
"id": "GHSA-654c-35qv-mg5r",
"modified": "2025-10-06T09:30:19Z",
"published": "2025-10-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58585"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-68HG-5Q58-G3CV
Vulnerability from github – Published: 2025-02-12 15:32 – Updated: 2025-02-12 15:32An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-1212"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T15:15:18Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.",
"id": "GHSA-68hg-5q58-g3cv",
"modified": "2025-02-12T15:32:02Z",
"published": "2025-02-12T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1212"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/502196"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.