Vulnerabilities (CVE)

Filtered by CWE-209
Total 421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-25045 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 4.3 MEDIUM
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
CVE-2024-55895 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 2.7 LOW
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2025-40718 2025-07-08 N/A N/A
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
CVE-2021-22145 2 Elastic, Oracle 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite 2025-07-08 4.0 MEDIUM 6.5 MEDIUM
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
CVE-2024-56467 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56493 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56494 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56495 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56496 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56810 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56811 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56812 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 N/A 3.3 LOW
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-25037 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 4.3 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
CVE-2022-22363 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 4.3 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2021-20455 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 3.7 LOW
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-52898 3 Ibm, Linux, Microsoft 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more 2025-07-03 N/A 6.2 MEDIUM
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.
CVE-2025-44203 1 Digitaldruid 1 Hoteldruid 2025-06-26 N/A 7.5 HIGH
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.
CVE-2023-50348 2025-06-18 N/A 3.1 LOW
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.
CVE-2024-30141 1 Hcltech 1 Bigfix Compliance 2025-06-17 N/A 4.7 MEDIUM
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.
CVE-2024-21733 1 Apache 1 Tomcat 2025-06-13 N/A 5.3 MEDIUM
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.