CWE-538
AllowedInsertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base · Status: Draft
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
155 vulnerabilities reference this CWE, most recent first.
GHSA-M28R-JG2J-26CV
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2026-06-02 21:30A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.
{
"affected": [],
"aliases": [
"CVE-2017-9947"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-23T08:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
"id": "GHSA-m28r-jg2j-26cv",
"modified": "2026-06-02T21:30:27Z",
"published": "2022-05-13T01:36:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9947"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/169544"
},
{
"type": "WEB",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101248"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M532-3CC3-2P5V
Vulnerability from github – Published: 2025-02-24 00:30 – Updated: 2026-04-01 18:33Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give – Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through 2.0.0.
{
"affected": [],
"aliases": [
"CVE-2025-22633"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-23T23:15:10Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give \u2013 Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give \u2013 Divi Donation Modules: from n/a through 2.0.0.",
"id": "GHSA-m532-3cc3-2p5v",
"modified": "2026-04-01T18:33:45Z",
"published": "2025-02-24T00:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22633"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/give-donation-modules-for-divi/vulnerability/wordpress-give-divi-donation-modules-plugin-2-0-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M6F8-6M3M-X2RV
Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-06-02 15:31Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
{
"affected": [],
"aliases": [
"CVE-2026-5434"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T09:16:30Z",
"severity": "MODERATE"
},
"details": "Honeywell Control\nNetwork Module (CNM)\u00a0contains\ninsertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing\nsystem files, potentially resulting in unintended\naccess to protected data.",
"id": "GHSA-m6f8-6m3m-x2rv",
"modified": "2026-06-02T15:31:55Z",
"published": "2026-05-21T09:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5434"
},
{
"type": "WEB",
"url": "https://process.honeywell.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHJP-XC38-M6XR
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
{
"affected": [],
"aliases": [
"CVE-2018-10590"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-15T22:29:00Z",
"severity": "HIGH"
},
"details": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.",
"id": "GHSA-mhjp-xc38-m6xr",
"modified": "2022-05-13T01:35:01Z",
"published": "2022-05-13T01:35:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10590"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWJC-697V-R7M7
Vulnerability from github – Published: 2023-09-14 12:30 – Updated: 2024-04-04 07:40A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.
{
"affected": [],
"aliases": [
"CVE-2023-38558"
],
"database_specific": {
"cwe_ids": [
"CWE-538",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-14T11:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.",
"id": "GHSA-mwjc-697v-r7m7",
"modified": "2024-04-04T07:40:13Z",
"published": "2023-09-14T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38558"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PCH2-3675-W238
Vulnerability from github – Published: 2026-06-02 15:32 – Updated: 2026-06-02 15:32Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
{
"affected": [],
"aliases": [
"CVE-2019-25717"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T14:16:24Z",
"severity": "MODERATE"
},
"details": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.",
"id": "GHSA-pch2-3675-w238",
"modified": "2026-06-02T15:32:09Z",
"published": "2026-06-02T15:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25717"
},
{
"type": "WEB",
"url": "https://static.draeger.com/security"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitors-unauthenticated-log-file-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QJP7-GVRW-VXMF
Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability.
{
"affected": [],
"aliases": [
"CVE-2024-47580"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T01:15:05Z",
"severity": "MODERATE"
},
"details": "An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability.",
"id": "GHSA-qjp7-gvrw-vxmf",
"modified": "2024-12-10T03:31:45Z",
"published": "2024-12-10T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47580"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3536965"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QPV6-4QP6-6JQX
Vulnerability from github – Published: 2025-11-21 00:30 – Updated: 2025-11-21 18:30Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.
{
"affected": [],
"aliases": [
"CVE-2025-61138"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-20T22:16:01Z",
"severity": "HIGH"
},
"details": "Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.",
"id": "GHSA-qpv6-4qp6-6jqx",
"modified": "2025-11-21T18:30:28Z",
"published": "2025-11-21T00:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61138"
},
{
"type": "WEB",
"url": "https://gist.github.com/Israel0x00/8a81ec98162e9ca8e4a3a6c8b4ef4762"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QR2Q-986W-CCV6
Vulnerability from github – Published: 2022-05-17 04:47 – Updated: 2025-09-19 21:31The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
{
"affected": [],
"aliases": [
"CVE-2014-0771"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-12T04:37:00Z",
"severity": "MODERATE"
},
"details": "The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.",
"id": "GHSA-qr2q-986w-ccv6",
"modified": "2025-09-19T21:31:14Z",
"published": "2022-05-17T04:47:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0771"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
},
{
"type": "WEB",
"url": "http://webaccess.advantech.com"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/66740"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R46V-FWC3-FP9X
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:44A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
{
"affected": [],
"aliases": [
"CVE-2019-12623"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.",
"id": "GHSA-r46v-fwc3-fp9x",
"modified": "2024-04-04T01:44:36Z",
"published": "2022-05-24T16:54:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12623"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.