66 vulnerabilities classified as CWE-538 (File and Path Information Exposure). AI Chinese analysis included.
CWE-538 represents a critical data exposure weakness where applications inadvertently store sensitive information in files or directories accessible to unauthorized actors. This weakness typically arises when developers fail to enforce strict access controls on storage locations, allowing individuals with basic file system permissions to read confidential data such as credentials, session tokens, or personally identifiable information. Attackers exploit this by navigating to the exposed directory and extracting the unprotected files, often bypassing application-level security measures entirely. To mitigate this risk, developers must implement robust file permission settings, ensuring that sensitive data is stored in restricted directories accessible only to the application process. Additionally, employing encryption for data at rest and utilizing secure, temporary storage mechanisms can prevent unauthorized access, thereby maintaining the confidentiality and integrity of critical information against external threats.
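```java
// Vulnerable: writes the username and credit card number (CCN) to the application log file.
logger.info("Username: " + username + ", CCN: " + ccn);
```

| CVE ID | Title | CVSS | Severity | Published |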
|---|---|---|---|---|
| CVE-2019-12623 | Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.3 | - | 2019-08-21 |
| CVE-2018-4847 | Siemens SIMATIC WinCC OA Operator iOS App Security Vulnerability — SIMATIC WinCC OA Operator iOS App | 4.6 | - | 2018-04-23 |
| CVE-2017-16770 | Synology Surveillance Station Information Disclosure Vulnerability — Surveillance Station | 6.5 | - | 2018-02-27 |
| CVE-2017-9947 | Siemens APOGEE PXC BACnet Automation Controller and Siemens TALON TC BACnet Automation Controller Path Traversal Vulnerability — APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5 | 5.3 | - | 2017-10-23 |
| CVE-2014-0771 | Advantech WebAccess File and Directory Information Exposure — WebAccess | 6.5 | - | 2014-04-12 |
| CVE-2014-0772 | Advantech WebAccess File and Directory Information Exposure — WebAccess | 6.5 | - | 2014-04-12 |

66 CVEs are classified as CWE-538 (File and Path Information Exposure). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.