CWE-209

Exploit likelihood: High

Generation of Error Message Containing Sensitive Information

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product generates an error message that includes sensitive information about its environment, users, or associated data.

561 vulnerabilities with CWE-209
CVE-2022-50686 (HIGH, CVSS 7.5): Kentico Xperience - Info Disclosure
CVE-2022-22363 (MEDIUM, CVSS 4.3): IBM Cognos Controller <11.0.1 - Info Disclosure
CVE-2022-35640 (MEDIUM, CVSS 4.0): IBM Sterling Partner Engagement Manager 6.2.2 - Info Disclosure
CVE-2022-32756 (LOW, CVSS 2.7): IBM Security Verify Directory 10.0.0 - Sensitive Information Exposure via Error Message
CVE-2022-43891 (LOW, CVSS 2.7): IBM Security Verify Privilege On-Premises 11.5 - Info Disclosure
CVE-2022-4870 (MEDIUM, CVSS 5.3): Octopus Server 3.0.0-2023.1.9879 - Information Disclosure via Error Message
CVE-2022-4770 (MEDIUM, CVSS 4.3): Hitachi Vantara Pentaho Business Analytics Server < 9.3.0.2 - Sensitive Information Exposure via SQL Error Message
CVE-2022-4769 (MEDIUM, CVSS 4.3): Hitachi Vantara Pentaho Business Analytics Server < 9.3.0.2 - Sensitive Information Exposure via Invalid File Upload
CVE-2022-46675 (MEDIUM, CVSS 5.3): Wyse Management Suite Repository <3.8 - Info Disclosure
CVE-2022-46371 (MEDIUM, CVSS 5.3): Alotcer AR7088H-A <16.10.3 - Info Disclosure
CVE-2022-22449 (MEDIUM, CVSS 5.3): IBM Security Verify Governance 10.01 - Sensitive Information Exposure via Error Message
CVE-2022-22760 (MEDIUM, CVSS 6.5): Firefox < 97.0 and Firefox ESR < 91.6 - Information Disclosure via Web Worker Resource Import Error Messages
CVE-2022-39304 (MEDIUM, CVSS 5.0): ghinstallation < 2.0.0 - Sensitive Information Exposure via Error Message
CVE-2022-20525 (LOW, CVSS 3.3): Android 13 - Information Disclosure via Visual Voicemail Package Name Leak
CVE-2022-34881 (LOW, CVSS 3.3): Hitachi JP1/Automatic Operation 10-00-10-54-03 11-00-11-51-09 12-00-12-60-01 - Information Disclosure via Error Message
CVE-2022-39307 (MEDIUM, CVSS 6.7): Grafana < 8.5.15 and 9.0.0-9.2.4 - Unauthenticated Sensitive Information Disclosure via Password Reset Endpoint
CVE-2022-40292 (MEDIUM, CVSS 5.3): php_point_of_sale - Unauthenticated User Enumeration via Unsecured Endpoint
CVE-2022-2508 (MEDIUM, CVSS 5.3): Octopus Server < 2022.1.3264 - Information Disclosure via Verbose Error Messages
CVE-2022-39315 (MEDIUM, CVSS 6.5): Kirby < 3.5.8.2, 3.6.6.2, 3.7.5.1, 3.8.1 - User Enumeration via Error Message Timing
CVE-2022-38107 (MEDIUM, CVSS 5.3): SolarWinds SQL Sentry < 2021.18.10 - Sensitive Information Disclosure via Error Message
CVE-2022-2760 (MEDIUM, CVSS 4.3): Octopus Server 2019.5.7-2022.1.3180 - Information Disclosure via Error Message
CVE-2022-34882 (CRITICAL, CVSS 9.0): Hitachi RAID Manager Storage Replication Adapter < 02.03.02/02.05.00 - Authenticated Information Exposure
CVE-2022-35715 (HIGH, CVSS 7.5): IBM InfoSphere Information Server 11.7 - Info Disclosure
CVE-2022-33930 (MEDIUM, CVSS 4.3): Dell Wyse Management Suite <3.6.1 - Info Disclosure
CVE-2022-31189 (MEDIUM, CVSS 5.3): DSpace 4.0-6.3 - Information Disclosure via JSPUI Internal Error Stack Trace