CWE-209

Exploit likelihood: High

Generation of Error Message Containing Sensitive Information

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product generates an error message that includes sensitive information about its environment, users, or associated data.

561 vulnerabilities with CWE-209
CVE-2024-35134 MEDIUM
IBM Analytics Content Hub 2.0-<2.3 - Sensitive Information Exposure via Error Message
CVSS 5.3
CVE-2024-35112 MEDIUM
IBM Control Center 6.2.1 and 6.3.1 - Information Disclosure via Detailed Error Messages
CVSS 5.4
CVE-2024-35111 MEDIUM
IBM Control Center 6.2.1 and 6.3.1 - Sensitive Information Exposure via Error Message
CVSS 4.3
CVE-2024-13536 MEDIUM
1003 Mortgage Application 1.87 - Info Disclosure
CVSS 5.3
CVE-2024-52898 MEDIUM
IBM MQ 9.3.0-9.3.0.25 and 9.4.0-9.4.1.0 - Sensitive Information Exposure via Web Console Error Messages
CVSS 6.2
CVE-2024-25037 MEDIUM
IBM Cognos Controller <11.0.1 - Info Disclosure
CVSS 4.3
CVE-2024-52893 MEDIUM
IBM Concert 1.0.0-1.0.3 - Sensitive Information Exposure via Error Message
CVSS 5.3
CVE-2024-11625 HIGH
Progress Sitefinity 4.0-15.2.8421 - Information Exposure Through Error Message
CVSS 7.7
CVE-2024-5591 MEDIUM
IBM Jazz Foundation 7.0.2, 7.0.3, 7.1.0 - Sensitive Information Exposure via Error Message
CVSS 4.3
CVE-2024-39725 MEDIUM
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 Sensitive Information Exposure
CVSS 5.3
CVE-2024-23945 MEDIUM
Apache Hive 1.2.0-4.0.0 and Apache Spark 2.0.0-3.3.4 - Sensitive Information Exposure via Cookie Signature Mismatch
CVSS 5.9
CVE-2024-52897 MEDIUM
IBM MQ 9.2.0.0-9.2.0.29, 9.3.0-9.4.0 - Sensitive Information Exposure via Web Console Error Messages
CVSS 6.2
CVE-2024-52896 MEDIUM
IBM MQ 9.2.0.0-9.2.0.29, 9.3.0-9.4.1.0 - Information Disclosure via Detailed Error Messages
CVSS 6.2
CVE-2024-49818 MEDIUM
IBM Security Guardium Key Lifecycle Manager <4.2.1 - Info Disclosure
CVSS 4.3
CVE-2024-54366 MEDIUM
Vimeography <2.4.4 - Info Disclosure
CVSS 5.3
CVE-2024-51460 MEDIUM
IBM InfoSphere Information Server 11.7 - Authenticated Sensitive Information Exposure via Stack Trace Error Message
CVSS 4.3
CVE-2024-53948 MEDIUM
Apache Superset <4.1.0 - Info Disclosure
CVSS 5.3
CVE-2024-54141 HIGH
phpMyFAQ < 4.0.0 - Sensitive Information Exposure via Database Connection Error
CVSS 8.6
CVE-2024-53253 MEDIUM
Sentry 24.11.0 - Information Disclosure of Integration Client Secret in Error Message
CVSS 5.3
CVE-2024-48896 MEDIUM
Moodle < 4.1.14 - Unauthorized User Name Disclosure via Messaging Error Message
CVSS 4.3
CVE-2024-30141 MEDIUM
HCL BigFix Compliance - Info Disclosure
CVSS 4.7
CVE-2024-52043 MEDIUM
HumHub < 1.16.2 - Sensitive Information Exposure via Error Message
CVSS 5.3
CVE-2024-51560 MEDIUM
63moons Wave 2.0 < 1.1.7 - Authenticated Sensitive Information Exposure via Invalid UserId Parameter
CVSS 4.3
CVE-2024-39719 HIGH
ollama < 0.3.14 - File Existence Disclosure via CreateModel Route
CVSS 7.5
CVE-2024-50512 MEDIUM
Posti Posti Shipping <3.10.2 - Info Disclosure
CVSS 5.3