CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

81 vulnerabilities with CWE-538
CVE-2017-9947 MEDIUM
Siemens Apogee Pxc Firmware < 3.5 - Path Traversal
CVSS 5.3
CVE-2016-20024 CRITICAL
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
CVSS 9.8
CVE-2016-15056 HIGH
Ubee EVW3226 <1.0.20 - Info Disclosure
CVE-2016-10399 HIGH
Sendio <8.2.1 - Info Disclosure
CVSS 7.5
CVE-2014-0772
Advantech Webaccess < 7.1 - Information Disclosure
CVE-2014-0771
Advantech Webaccess < 7.1 - Information Disclosure
Details
Vulnerabilities 81
Links
MITRE CWE Entry Search this CWE With Exploits