Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-209
Total 235 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4532 1 Ibm 2 Business Automation Workflow, Business Process Manager 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.
CVE-2020-4572 1 Ibm 1 Security Key Lifecycle Manager 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179.
CVE-2020-6189 1 Sap 1 Businessobjects Business Intelligence Platform 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.
CVE-2020-6503 1 Google 1 Chrome 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2020-9351 1 Smartclient 1 Smartclient 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path).
CVE-2021-33711 1 Siemens 1 Teamcenter Active Workspace 2021-07-20 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths.
CVE-2021-20424 1 Ibm 1 Cloud Pak For Applications 2021-07-14 4.0 MEDIUM 4.3 MEDIUM
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.
CVE-2021-20417 1 Ibm 1 Guardium Data Encryption 2021-07-09 4.0 MEDIUM 4.3 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219
CVE-2021-31159 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2021-07-09 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVE-2021-20413 1 Ibm 1 Guardium Data Encryption 2021-06-29 5.0 MEDIUM 4.3 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.
CVE-2021-26997 1 Netapp 1 E-series Santricity Os Controller 2021-06-22 4.0 MEDIUM 6.5 MEDIUM
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.
CVE-2021-30357 1 Checkpoint 1 Ssl Network Extender 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
CVE-2021-20371 1 Ibm 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more 2021-06-07 4.0 MEDIUM 6.5 MEDIUM
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
CVE-2021-3393 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Software Collections 2021-06-04 3.5 LOW 4.3 MEDIUM
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
CVE-2021-20428 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2021-05-25 5.0 MEDIUM 5.3 MEDIUM
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.
CVE-2021-29688 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Security Identity Manager, Linux Kernel and 2 more 2021-05-24 5.0 MEDIUM 7.5 HIGH
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
CVE-2021-29040 1 Liferay 2 Dxp, Liferay Portal 2021-05-24 5.0 MEDIUM 5.3 MEDIUM
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.
CVE-2021-29682 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Security Identity Manager, Linux Kernel and 2 more 2021-05-24 5.0 MEDIUM 5.3 MEDIUM
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997
CVE-2021-31339 1 Mendix 1 Excel Importer 2021-05-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.
CVE-2021-31341 1 Mendix 1 Database Replication 2021-05-20 4.0 MEDIUM 4.3 MEDIUM
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).