CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-3MVX-8XGC-HH5R
Vulnerability from github – Published: 2022-04-21 00:00 – Updated: 2022-05-01 00:00Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.
{
"affected": [],
"aliases": [
"CVE-2022-1318"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.",
"id": "GHSA-3mvx-8xgc-hh5r",
"modified": "2022-05-01T00:00:38Z",
"published": "2022-04-21T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1318"
},
{
"type": "WEB",
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3PH6-JHVP-76GJ
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2025-04-20 03:49Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.
{
"affected": [],
"aliases": [
"CVE-2017-17427"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-13T16:29:00Z",
"severity": "MODERATE"
},
"details": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.",
"id": "GHSA-3ph6-jhvp-76gj",
"modified": "2025-04-20T03:49:58Z",
"published": "2022-05-13T01:44:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17427"
},
{
"type": "WEB",
"url": "https://robotattack.org"
},
{
"type": "WEB",
"url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102199"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3Q2F-QCG5-6425
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
{
"affected": [],
"aliases": [
"CVE-2017-12373"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-15T20:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher\u0027s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.",
"id": "GHSA-3q2f-qcg5-6425",
"modified": "2022-05-13T01:37:47Z",
"published": "2022-05-13T01:37:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12373"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QPQ-HC75-5535
Vulnerability from github – Published: 2024-10-01 18:31 – Updated: 2024-10-11 18:32By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
{
"affected": [],
"aliases": [
"CVE-2024-9398"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-01T16:15:10Z",
"severity": "MODERATE"
},
"details": "By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.",
"id": "GHSA-3qpq-hc75-5535",
"modified": "2024-10-11T18:32:48Z",
"published": "2024-10-01T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9398"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881037"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-46"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-47"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-49"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QV6-5F5F-F89J
Vulnerability from github – Published: 2024-09-12 21:32 – Updated: 2024-09-12 21:32User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
{
"affected": [],
"aliases": [
"CVE-2024-34336"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T19:15:03Z",
"severity": "MODERATE"
},
"details": "User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.",
"id": "GHSA-3qv6-5f5f-f89j",
"modified": "2024-09-12T21:32:02Z",
"published": "2024-09-12T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34336"
},
{
"type": "WEB",
"url": "https://mind-bytes.de/offenlegung-existierender-benutzerkonten-in-foss-online-cve-2024-34336"
},
{
"type": "WEB",
"url": "http://foss-online.com"
},
{
"type": "WEB",
"url": "http://ordat.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3R72-J9F5-R8J5
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-02-03 18:30In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.
{
"affected": [],
"aliases": [
"CVE-2019-6651"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.",
"id": "GHSA-3r72-j9f5-r8j5",
"modified": "2023-02-03T18:30:26Z",
"published": "2022-05-24T16:56:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6651"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K89509323"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K89509323?utm_source=f5support\u0026amp;utm_medium=RSS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3RJG-J575-7F6P
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
{
"affected": [],
"aliases": [
"CVE-2018-5407"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-15T21:29:00Z",
"severity": "MODERATE"
},
"details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"id": "GHSA-3rjg-j575-7f6p",
"modified": "2022-05-13T01:16:10Z",
"published": "2022-05-13T01:16:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45785"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3840-1"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181126-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"type": "WEB",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3RX8-Q5X6-M56J
Vulnerability from github – Published: 2023-07-06 21:30 – Updated: 2023-07-06 21:30A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-3529"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T19:15:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-3rx8-q5x6-m56j",
"modified": "2023-07-06T21:30:28Z",
"published": "2023-07-06T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3529"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.233253"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.233253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3VX8-9W4X-JHJW
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671
{
"affected": [],
"aliases": [
"CVE-2021-39745"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671",
"id": "GHSA-3vx8-9w4x-jhjw",
"modified": "2022-04-06T00:01:55Z",
"published": "2022-03-31T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39745"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3W69-WXXJ-QC6R
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-06 18:30In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21319"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:48Z",
"severity": "MODERATE"
},
"details": "In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-3w69-wxxj-qc6r",
"modified": "2023-11-06T18:30:18Z",
"published": "2023-10-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21319"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.