The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
157 vulnerabilities with CWE-204
| CVE | Severity | CVSS | Title |
|---|---|---|---|
| CVE-2024-39912 | MEDIUM | 5.3 | web-auth/webauthn-lib - Info Disclosure |
| CVE-2024-39211 | MEDIUM | 5.3 | Kaiten 57.128.8 - User Account Enumeration via Login Response Discrepancy |
| CVE-2024-36996 | MEDIUM | 5.3 | Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.109 User Enumeration via SAML |
| CVE-2024-38322 | MEDIUM | 5.3 | IBM Storage Defender - Resiliency Service <2.0.5 - Info Disclosure |
| CVE-2024-6056 | LOW | 3.7 | nasirkhan/laravel_starter < 11.8.0 - Observable Response Discrepancy via Password Reset Email Parameter |
| CVE-2024-31870 | LOW | 3.3 | IBM Db2 for i <7.6 - Info Disclosure |
| CVE-2024-33856 | MEDIUM | 5.3 | Logpoint SIEM < 7.4.0 - Username Enumeration via Forgot Password Endpoint Response Timing |
| CVE-2024-28232 | MEDIUM | 6.2 | IceWhaleTech CasaOS-UserService >=0.4.7 <0.4.8 - Username Enumeration via Login Page |
| CVE-2024-28868 | LOW | 3.7 | Umbraco CMS 10.0.0-10.8.4 - User Enumeration via Native Login Screen |
| CVE-2024-1145 | MEDIUM | 5.3 | Devklan's Alma Blog <2.1.10 - Info Disclosure |
| CVE-2024-2482 | LOW | 3.7 | Surya2Developer Hostel Management Service 1.0 - Info Disclosure |
| CVE-2024-24766 | MEDIUM | 6.2 | CasaOS-UserService 0.4.4.3-0.4.6 - Username Enumeration via Login Error Messages |
| CVE-2024-25146 | MEDIUM | 5.3 | Liferay Portal/DXP - Info Disclosure |
| CVE-2023-37413 | MEDIUM | 5.3 | IBM Aspera Faspex 5.0.0-5.0.10 - Username Information Disclosure via Observable Response Discrepancy |
| CVE-2023-47159 | MEDIUM | 4.3 | IBM Sterling File Gateway 6.0.0.0-6.1.2.5 & 6.2.0.0-6.2.0.1 Username Enumeration via Response Discrepancy |
| CVE-2023-49069 | MEDIUM | 5.3 | Mendix Runtime <10.17.0, 10.12.<11, 10.6.<19 - Auth Bypass |
| CVE-2023-33859 | MEDIUM | 5.3 | IBM Security QRadar EDR <3.12 - Info Disclosure |
| CVE-2023-27283 | MEDIUM | 5.3 | IBM Aspera Orchestrator 4.0.1 - Info Disclosure |
| CVE-2023-46170 | MEDIUM | 6.5 | IBM DS8900F HMC Arbitrary File Read via File Name Enumeration |
| CVE-2023-38362 | MEDIUM | 5.3 | IBM CICS TX Advanced 10.1 - Info Disclosure |
| CVE-2023-50306 | MEDIUM | 4.0 | IBM Common Licensing 9.0 - Username Enumeration via Observable Response Discrepancy |
| CVE-2023-23584 | MEDIUM | 4.3 | Gallagher Command Centre < 8.50 - Information Disclosure via RESTAPI Response Discrepancy |
| CVE-2023-37831 | MEDIUM | 5.3 | Elenos ETG150 FM transmitter <3.12 - Info Disclosure |
| CVE-2023-4095 | MEDIUM | 5.3 | Arconte Aurea 1.5.0.0 - Info Disclosure |
| CVE-2023-41885 | MEDIUM | 5.3 | piccolo < 0.121.0 - User Enumeration via BaseUser.login |