CWE-525

Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

CVE-2023-43035 (GCVE-0-2023-43035)
Vulnerability from cvelistv5
Published
2025-04-10 13:26
Modified
2025-08-17 00:05
CWE
  • CWE-525 - Information Exposure Through Browser Caching
Summary
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.
References
https://www.ibm.com/support/pages/node/7230561vendor-advisory, patch
Impacted products
Vendor Product Version
IBM Sterling Control Center Version: 6.2.1
Version: 6.3.1
Version: 6.4.0
    cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:control_center:6.4.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T14:13:32.527807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T14:13:41.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:control_center:6.4.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Sterling Control Center",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system."
            }
          ],
          "value": "IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-525",
              "description": "CWE-525 Information Exposure Through Browser Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-17T00:05:25.920Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7230561"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Sterling Control Center information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-43035",
    "datePublished": "2025-04-10T13:26:44.672Z",
    "dateReserved": "2023-09-15T01:12:19.597Z",
    "dateUpdated": "2025-08-17T00:05:25.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1334 (GCVE-0-2025-1334)
Vulnerability from cvelistv5
Published
2025-06-03 15:18
Modified
2025-08-24 11:59
CWE
  • CWE-525 - Information Exposure Through Browser Caching
Summary
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.
References
https://www.ibm.com/support/pages/node/7235432vendor-advisory, patch
Impacted products
Vendor Product Version
IBM QRadar Suite Software Version: 1.10.12.0    1.11.2.0
    cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:qradar_suite:1.11.2.0:*:*:*:*:*:*:*
Create a notification for this product.
   IBM Cloud Pak for Security Version: 1.10.0.0    1.10.11.0
    cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_for_security:1.10.11.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1334",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T15:30:48.789875Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T15:31:00.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:qradar_suite:1.11.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "QRadar Suite Software",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.11.2.0",
              "status": "affected",
              "version": "1.10.12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.11.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Cloud Pak for Security",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.11.0",
              "status": "affected",
              "version": "1.10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system."
            }
          ],
          "value": "IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-525",
              "description": "CWE-525 Information Exposure Through Browser Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-24T11:59:40.522Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7235432"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM strongly encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003ePlease upgrade to at least version 1.11.3.0 according to the following instructions:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing\"\u003ehttps://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading\"\u003ehttps://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly encourages customers to update their systems promptly.\n\nPlease upgrade to at least version 1.11.3.0 according to the following instructions:\n\n https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing \n\n https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1334",
    "datePublished": "2025-06-03T15:18:40.596Z",
    "dateReserved": "2025-02-15T14:16:41.665Z",
    "dateUpdated": "2025-08-24T11:59:40.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1348 (GCVE-0-2025-1348)
Vulnerability from cvelistv5
Published
2025-06-18 16:19
Modified
2025-08-24 11:50
CWE
  • CWE-525 - Information Exposure Through Browser Caching
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
References
https://www.ibm.com/support/pages/node/7237068vendor-advisory, patch
Impacted products
Vendor Product Version
IBM Sterling B2B Integrator Version: 6.0.0.0    6.1.2.6
Version: 6.2.0.0    6.2.0.4
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1348",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T18:25:33.803335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T18:26:07.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Sterling B2B Integrator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "6.1.2.6",
              "status": "affected",
              "version": "6.0.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.0.4",
              "status": "affected",
              "version": "6.2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
            }
          ],
          "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-525",
              "description": "CWE-525 Information Exposure Through Browser Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-24T11:50:32.968Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7237068"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway  6.0.0.0 - 6.1.2.6  IT47515  Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway  6.2.0.0 - 6.2.0.4  IT47515  Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
            }
          ],
          "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway  6.0.0.0 - 6.1.2.6  IT47515  Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway  6.2.0.0 - 6.2.0.4  IT47515  Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1348",
    "datePublished": "2025-06-18T16:19:48.515Z",
    "dateReserved": "2025-02-15T15:14:05.404Z",
    "dateUpdated": "2025-08-24T11:50:32.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Protect information stored in cache.
Mitigation

Phases: Architecture and Design, Implementation

Description:

  • Use a restrictive caching policy for forms and web pages that potentially contain sensitive information.
Mitigation

Phase: Architecture and Design

Description:

  • Do not store unnecessarily sensitive information in the cache.
Mitigation

Phase: Architecture and Design

Description:

  • Consider using encryption in the cache.
CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Back to CWE stats page