
CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) — Vulnerability Class 291

291 vulnerabilities are classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere).

CWE-497 is an information disclosure weakness: the product reveals system-level details to parties outside its control sphere, such as file system paths, operating system user names, installed packages, or the versions of the web server, framework and database it runs on. In network-facing applications it usually surfaces as an unsanitized error page, a debug endpoint left enabled, or a version banner in a response header. By itself the impact is reconnaissance rather than compromise, but that reconnaissance is exactly what an attacker needs: a version string or a stack trace lets them select exploits for known vulnerabilities in the exposed stack and aim follow-on attacks (injection, path traversal, remote code execution) precisely instead of guessing. Mitigation has three parts: return a generic, user-friendly message (ideally with a correlation ID) to the client while keeping stack traces and other diagnostics in logs the end user cannot read; suppress version information in server and framework headers; and validate input so that attacker-triggered errors do not surface internal details.
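As an added example (not code from the original page or from MITRE), the following Python scans a captured HTTP response for the kinds of leakage described above: version banners in headers, stack traces, absolute paths, interpreter warnings and database error text. The header names, regular expressions and the two sample responses are constructed for illustration and are assumptions, not a complete signature set.

```python
"""Scan an HTTP response for system-detail leakage (CWE-497 indicators).

Added example for this page, not code from MITRE or any listed vendor.
The regexes and the two sample responses below are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    where: str      # "header:<name>" or "body"
    kind: str       # category of leak
    evidence: str   # the matched text


# Headers that commonly carry server or framework version strings (assumed list).
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                   "x-aspnetmvc-version", "x-generator")
# A bare product name is low value; product plus version number is what an attacker wants.
VERSION_RE = re.compile(r"\b[\w.\-]+/\d+(?:\.\d+)+")

BODY_PATTERNS = {
    "stack_trace": re.compile(
        r"Traceback \(most recent call last\)|"      # Python
        r"^\s+at [\w$.]+\([\w.]+:\d+\)|"             # Java / .NET frames
        r"Stack trace:\s*#\d+ ",                     # PHP
        re.MULTILINE),
    "absolute_path": re.compile(
        r"(?:/(?:var|home|usr|etc|opt|srv)/[\w./\-]+)|(?:[A-Za-z]:\\[\w\\.\-]+)"),
    "interpreter_warning": re.compile(
        r"\b(?:Warning|Notice|Fatal error):\s.+?\sin\s\S+\son line\s\d+"),
    "db_error": re.compile(
        r"You have an error in your SQL syntax|ORA-\d{5}|PG::\w+Error|SQLSTATE\[\w+\]"),
}


def scan_response(headers: dict, body: str) -> list:
    """Return every leak indicator found in the headers and body."""
    findings = []
    for name, value in headers.items():
        if name.lower() in VERSION_HEADERS:
            m = VERSION_RE.search(value)
            if m:
                findings.append(Finding(f"header:{name}", "version_banner", m.group(0)))
    for kind, pattern in BODY_PATTERNS.items():
        for m in pattern.finditer(body):
            findings.append(Finding("body", kind, m.group(0).strip()))
    return findings


def kinds(findings: list) -> list:
    """Distinct leak categories, sorted, for a quick verdict."""
    return sorted({f.kind for f in findings})


# Constructed sample responses: one verbose PHP error page, one hardened equivalent.
LEAKY_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
                 "Content-Type": "text/html"}
LEAKY_BODY = (
    "Warning: PDO::__construct(): SQLSTATE[HY000] [1045] Access denied for user "
    "'app'@'localhost' in /var/www/html/db.php on line 12\n"
    "Stack trace:\n"
    "#0 /var/www/html/index.php(40): connect()\n"
    "#1 {main}\n"
)
CLEAN_HEADERS = {"Server": "Apache", "Content-Type": "text/html"}
CLEAN_BODY = "<p>Something went wrong. Reference: 6f1c2a</p>"

if __name__ == "__main__":
    for f in scan_response(LEAKY_HEADERS, LEAKY_BODY):
        print(f"{f.where:22} {f.kind:20} {f.evidence}")
    print("clean response:", scan_response(CLEAN_HEADERS, CLEAN_BODY))
```

Run this against responses captured while deliberately triggering errors (malformed parameters, missing resources, oversized input); a clean deployment should yield an empty list for every one of them, and a version banner finding on the hardened sample would mean the header suppression is not actually applied at the edge.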

MITRE CWE Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Network-based products, such as web applications, often run on top of an operating system or similar environment. When the product communicates with outside parties, details about the underlying system are expected to remain hidden, such as path names for data files, other OS users, installed packages, the application environment, etc. This system information may be provided by the product itself, or buried within diagnostic or debugging messages. Debugging information helps an adversary learn about the system and form an attack plan.

An information exposure occurs when system data or debugging information leaves the program through an output stream or logging function that makes it accessible to unauthorized parties. Using other weaknesses, an attacker could cause errors to occur; the response to these errors can reveal detailed system information, along with other impacts. An attacker can use messages that reveal technologies, operating systems, and product versions to tune the attack against known vulnerabilities in these technologies. A product may use diagnostic methods that provide significant implementation details such as stack traces as part of its error handling mechanism.
Common Consequences (1)
Confidentiality: Read Application Data
Mitigations (1)
Architecture and Design, Implementation: Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs.
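As an added example illustrating this mitigation (not code from MITRE or from any product listed below), the Python below places the leaky handler beside a hardened one that returns a generic message with a correlation ID and writes the full, HTML-entity-encoded detail to a log the end user cannot read. The in-memory log buffer, the failing `open_config()` call and the sample request path are constructed; a real deployment would route the `app.errors` logger to a file or log pipeline.

```python
"""Generic client message plus entity-encoded operator log (CWE-497 mitigation).

Added example for this page; not MITRE's code or any vendor's. The log buffer,
the failing open_config() call and the sample request path are constructed.
"""
import html
import logging
import secrets
import traceback
from io import StringIO

# The log must live where the end user cannot read it. A StringIO keeps the example
# self-contained; in production use a file or a log pipeline.
LOG_BUFFER = StringIO()
logger = logging.getLogger("app.errors")
logger.propagate = False
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(LOG_BUFFER))


def leaky_handler(exc: Exception, request_path: str) -> tuple:
    """Anti-pattern: the traceback, with file paths and library frames, goes to the client."""
    return 500, traceback.format_exc()


def safe_handler(exc: Exception, request_path: str) -> tuple:
    """Hardened: generic message for the client, full detail for the operator log."""
    ref = secrets.token_hex(6)  # correlation id so support can find the log entry
    detail = f"ref={ref} path={request_path} {traceback.format_exc()}"
    # Entity-encode before logging: the request path is attacker-controlled, and an
    # unencoded "<script>" in a log line is XSS against whoever views the logs in a browser.
    logger.error(html.escape(detail, quote=True))
    return 500, f"An internal error occurred. Reference: {ref}"


def handle(request_path: str, view, handler=safe_handler) -> tuple:
    """Run a view function and convert any exception with the chosen handler."""
    try:
        return 200, view()
    except Exception as exc:  # handler runs inside the except block so format_exc() sees it
        return handler(exc, request_path)


def open_config():
    # Constructed failure: the absolute path in the FileNotFoundError must not reach the client.
    with open("/etc/app/secret.conf") as fh:
        return fh.read()


if __name__ == "__main__":
    path = "/report?id=<script>alert(1)</script>"
    status, body = handle(path, open_config, leaky_handler)
    print("leaky:", status, body.strip().splitlines()[-1])
    status, body = handle(path, open_config)
    print("safe :", status, body)
    print("log  :", LOG_BUFFER.getvalue().strip())
```

The correlation ID is what makes the generic message acceptable in practice: support staff can still find the exact failure, while the client learns nothing about paths, library versions or the shape of the code. Note that `html.escape` protects the log viewer, not the client; it is a second, independent control and does not replace the generic message.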
Examples (2)
The following code prints the PATH environment variable to the standard error stream (the original listing called sprintf with stderr as its first argument, which is not a valid call; fprintf is what the example intends, and the weakness is the leaked PATH, not the print call):

    char* path = getenv("PATH");
    ...
    fprintf(stderr, "cannot find exe on path %s\n", path);

Bad · C

This code prints all of the running processes belonging to the current user:

    // assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)
    $userName = getCurrentUser();
    $command = 'ps aux | grep ' . $userName;
    system($command);

Bad · PHP
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-36509 | Fortinet FortiWeb security vulnerability | FortiWeb | 3.8 | Medium | 2024-11-12
CVE-2024-47799 | SoftBank Mesh Wi-Fi router RP562B security vulnerability | Mesh Wi-Fi router RP562B | 3.5 | Low | 2024-11-12
CVE-2024-50528 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability | Stacks Mobile App Builder | 7.5 | High | 2024-11-04
CVE-2024-50425 | WordPress WP Booking System – Booking Calendar plugin <= 2.0.19.10 - Broken Access Control vulnerability | WP Booking System | 6.5 | Medium | 2024-10-29
CVE-2024-48024 | WordPress Keep Backup Daily plugin <= 2.1.3 - Sensitive Data Exposure vulnerability | Keep Backup Daily | 7.5 | High | 2024-10-17
CVE-2024-49252 | WordPress leyka plugin <= 3.31.6 - Broken Access Control vulnerability | Leyka | 5.3 | Medium | 2024-10-16
CVE-2024-9470 | Cortex XSOAR: Information Disclosure Vulnerability | Cortex XSOAR | 4.3 (AI) | Medium (AI) | 2024-10-09
CVE-2024-6389 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab | GitLab | 4.3 | Medium | 2024-09-12
CVE-2024-8687 | PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes | PAN-OS | 9.8 (AI) | Critical (AI) | 2024-09-11
CVE-2023-42010 | IBM Sterling B2B Integrator Standard Edition information disclosure | Sterling B2B Integrator Standard Edition | 3.1 | Low | 2024-07-17
CVE-2024-39740 | IBM Datacap Navigator information disclosure | Datacap Navigator | 4.3 | Medium | 2024-07-15
CVE-2024-39675 | Siemens multiple products security vulnerability | RUGGEDCOM RMC30 | 8.8 | High | 2024-07-09
CVE-2024-31223 | Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL | fides | 5.3 | Medium | 2024-07-03
CVE-2024-5735 | Full Path Disclosure in AdmirorFrames Joomla! Extension | AdmirorFrames | 5.3 (AI) | Medium (AI) | 2024-06-28
CVE-2024-6388 | Canonical Ubuntu Advantage Desktop Daemon security vulnerability | Ubuntu Advantage Desktop Pro | 5.9 | Medium | 2024-06-27
CVE-2022-4968 | Netplan security vulnerability | Netplan | 6.5 | Medium | 2024-06-07
CVE-2024-4008 | FDSK Leak in KNX Secure Devices | 2.4! Display 55, SD/U12.55.11-825 | 9.6 | Critical | 2024-06-05
CVE-2023-50180 | Fortinet FortiADC security vulnerability | FortiADC | 5.2 | Medium | 2024-05-14
CVE-2024-1809 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | 5.4 | Medium | 2024-05-02
CVE-2024-31887 | IBM Security Verify Privilege information disclosure | Security Verify Privilege | 7.5 | High | 2024-04-16
CVE-2023-4605 | Lenovo XClarity Administrator security vulnerability | XClarity Administrator | 6.5 | Medium | 2024-04-05
CVE-2024-31419 | Cnv: information disclosure through the usage of vm-dump-metrics | | 4.3 | Medium | 2024-04-03
CVE-2023-50959 | IBM Cloud Pak for Business Automation information disclosure | Cloud Pak for Business Automation | 5.3 | Medium | 2024-03-31
CVE-2024-25634 | IDOR make user can read e-mail log sent by other events | alf.io | 7.2 | High | 2024-02-19
CVE-2023-5081 | Lenovo Tab M8 HD information disclosure vulnerability | Tablet | 3.3 | Low | 2024-01-19
CVE-2024-22125 | Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | 7.4 | High | 2024-01-09
CVE-2024-22124 | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | SAP NetWeaver (Internet Communication Manager) | 4.1 | Medium | 2024-01-09
CVE-2023-41366 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | 5.3 | Medium | 2023-11-14
CVE-2023-34209 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate | MailHunter Ultimate | 5.0 | Medium | 2023-10-17
CVE-2023-4237 | Platform: ec2_key module prints out the private key directly to the standard output | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | 7.3 | High | 2023-10-04

Vulnerabilities classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) account for 291 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.