CWE-209

Exploit likelihood: High

Generation of Error Message Containing Sensitive Information

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product generates an error message that includes sensitive information about its environment, users, or associated data.

561 vulnerabilities with CWE-209
CVE-2019-4219 MEDIUM
IBM Security Information Queue 1.0.0-1.0.2 - Sensitive Information Exposure via Error Message
CVSS 5.3
CVE-2019-12215 MEDIUM
Matomo 3.9.1 - Full Path Disclosure via Error Message in Safe Mode Template
CVSS 4.3
CVE-2019-9223 HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure via Error Message
CVSS 7.5
CVE-2019-7644 CRITICAL
Auth0 Auth0-WCF-Service-JWT <1.0.4 - Info Disclosure
CVSS 9.8
CVE-2019-7612 CRITICAL
Logstash <5.6.15-6.6.1 - Info Disclosure
CVSS 9.8
CVE-2019-7550 MEDIUM
JForum 2.1.8 - Unauthenticated User Enumeration via Username Check Endpoint
CVSS 5.3
CVE-2018-19947 MEDIUM
QNAP Helpdesk < 3.0.3 - Sensitive Information Exposure
CVSS 4.3
CVE-2018-21032 MEDIUM
Hitachi Device Manager 7.0.0-00-8.7.0-99 & Compute Systems Manager < 8.7.1-00 - Sensitive Info Exposure
CVSS 4.3
CVE-2018-12886 HIGH
GCC 4.1-8.0 - Stack Protector Bypass via ARM Instruction Sequence
CVSS 8.1
CVE-2018-14623 MEDIUM
Katello - Authenticated SQL Injection via Errata API
CVSS 4.3
CVE-2018-17961 HIGH
Artifex Ghostscript < 9.25 - Sandbox Protection Bypass via Error Handler Setup
CVSS 8.6
CVE-2018-17891 LOW
Carestream Vue RIS <11.2 - Info Disclosure
CVSS 3.7
CVE-2018-10913 MEDIUM
glusterfs 3.12.0-3.12.13 - Information Disclosure via Xattr Request
CVSS 6.5
CVE-2018-14925 CRITICAL
Matera Banco 1.0.0 - Info Disclosure
CVSS 9.8
CVE-2018-14907 MEDIUM
3CX Web Server 15.5.8801.3 - Information Leakage via Stack Trace Error Handling
CVSS 5.3
CVE-2018-10624 MEDIUM
Johnson Controls Metasys System <8.0 - Info Disclosure
CVSS 6.5
CVE-2018-8042 HIGH
Apache Ambari <2.6.2 - Info Disclosure
CVSS 8.1
CVE-2018-12536 MEDIUM
Eclipse Jetty Server 9.x - Info Disclosure
CVSS 5.3
CVE-2018-1073 MEDIUM
ovirt-engine < 4.2.3 - User Enumeration via Web Console Login Error Messages
CVSS 5.3
CVE-2018-11325 CRITICAL
Joomla! < 3.8.8 - Plaintext Password Exposure in Web Installer
CVSS 9.8
CVE-2018-2379 MEDIUM
SAP HANA Extended Application Services 1.0 - Sensitive Information Exposure via Username Validation
CVSS 6.5
CVE-2017-16629 HIGH
SapphireIMS 4097_1 - Info Disclosure
CVSS 7.5
CVE-2017-2659 MEDIUM
dropbear_ssh < 2013.59 - Improper Authentication via GSSAPI Username Validation
CVSS 5.3
CVE-2017-2594 MEDIUM
hawtio < 1.5.0 - Path Traversal and Information Disclosure via NullPointerException
CVSS 5.4
CVE-2017-7551 CRITICAL
389-ds-base <1.3.5.19,1.3.6.7 - Info Disclosure
CVSS 9.8