CWE-598
Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
80 vulnerabilities with CWE-598
CVE-2024-38863
HIGH
Checkmk <2.3.0p18, <2.2.0p35 and <2.1.0p48 - CSRF Token Exposure via Query Parameters
CVSS 7.5
CVE-2024-32931
MEDIUM
exacqVision Web Service < 24.03 - Authentication Token Exposure via HTTP Query String
CVSS 5.7
CVE-2024-23766
HIGH
HMS Anybus X-Gateway AB7832-F - DoS
CVSS 7.5
CVE-2024-31206
HIGH
dectalk-tts <1.0.1 - Info Disclosure
CVSS 8.2
CVE-2024-2745
LOW
Rapid7 InsightVM <6.6.244 - Info Disclosure
CVSS 3.3
CVE-2024-28238
LOW
Directus < 10.10.0 - Session Token Exposure via /files URL Parameter
CVSS 2.3
CVE-2023-50954
MEDIUM
IBM InfoSphere Information Server 11.7 - Info Disclosure
CVSS 4.3
CVE-2023-32335
LOW
IBM Maximo Suite 8.10-8.11 & Asset Mgmt 7.6.1.3 - Sensitive Info Exposure via URL
CVSS 3.7
CVE-2023-45716
LOW
HCL Sametime < 12.0.2 - Cleartext Transmission of Sensitive Information via URL
CVSS 1.7
CVE-2023-50328
LOW
IBM PowerSC 1.3, 2.0, 2.1 - Session Identifier Exposure via URL Query String
CVSS 3.7
CVE-2023-6287
LOW
Tribe29 Checkmk Appliance <1.6.8 - Info Disclosure
CVSS 3.3
CVE-2023-6014
CRITICAL
MLflow < 2.8.0 - Authentication Bypass
CVSS 9.8
CVE-2023-37935
MEDIUM
Fortinet FortiOS <7.0.12-7.2.5-7.4.0 - Info Disclosure
CVSS 6.5
CVE-2023-25524
MEDIUM
NVIDIA Omniverse Launcher < 1.8.11 - Access Token Exposure in Browser Address Bar
CVSS 4.0
CVE-2023-22307
MEDIUM
Tribe29 Checkmk Appliance <1.6.4 - Info Disclosure
CVSS 5.5
CVE-2022-34452
LOW
Dell PowerPath Management Appliance 3.0-3.3 - Authenticated Sensitive Information Disclosure via Log Files
CVSS 2.7
CVE-2022-24414
HIGH
Dell EMC CloudLink <7.1.3 - Info Disclosure
CVSS 7.6
CVE-2022-25787
HIGH
Secomea GateManager < 9.7.622134021 - Information Exposure via LMM API Query Strings
CVSS 7.5
CVE-2022-22551
HIGH
DELL EMC AppSync <4.3 - Info Disclosure
CVSS 8.3
CVE-2021-41719
HIGH
Mahavitran IOS App <16.1 - Info Disclosure
CVSS 7.5
CVE-2021-36328
HIGH
Dell EMC Streaming Data Platform <1.3 - SQL Injection
CVSS 8.8
CVE-2021-21594
HIGH
Dell PowerScale OneFS <9.1.0.x - Info Disclosure
CVSS 8.2
CVE-2020-5331
HIGH
RSA Archer < 6.7.0.3 - Authenticated Exposure of Sensitive Information in Log Files
CVSS 8.8
CVE-2019-18573
HIGH
RSA Identity Governance <7.1.1 P03 - Session Fixation
CVSS 8.8
CVE-2019-6531
HIGH
Kunbus PR100088 <R02-1.1.13166 - Info Disclosure
CVSS 8.1