Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2021-39089 Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm CWE-200
6.5
2023-01-19 CVE-2022-39167 Information Exposure vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm CWE-200
5.9
2023-01-17 CVE-2023-22875 Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.4.0/7.5.0
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key.
network
low complexity
ibm CWE-200
7.5
2023-01-17 CVE-2022-3091 Information Exposure vulnerability in Ronds Equipment Predictive Maintenance 1.19.5
RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials.
network
low complexity
ronds CWE-200
7.5
2023-01-10 CVE-2023-0023 Information Exposure vulnerability in SAP Bank Account Management 800/900
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL.
network
low complexity
sap CWE-200
5.7
2023-01-07 CVE-2023-0113 Information Exposure vulnerability in Netis-Systems Netcore Router Firmware
A vulnerability was found in Netis Netcore Router.
network
low complexity
netis-systems CWE-200
7.5
2023-01-05 CVE-2023-22453 Information Exposure vulnerability in Discourse
Discourse is an option source discussion platform.
network
low complexity
discourse CWE-200
5.3
2023-01-05 CVE-2022-23546 Information Exposure vulnerability in Discourse
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information.
local
low complexity
discourse CWE-200
5.5
2023-01-05 CVE-2022-43573 Information Exposure vulnerability in IBM products
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.
network
low complexity
ibm CWE-200
5.3
2023-01-05 CVE-2022-43539 Information Exposure vulnerability in Arubanetworks Clearpass Policy Manager
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information.
low complexity
arubanetworks CWE-200
4.5