Common Weakness Enumeration

CWE-598

Allowed

Use of HTTP Request With Sensitive Query String

Abstraction: Variant · Status: Draft

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

139 vulnerabilities reference this CWE, most recent first.

GHSA-2CCR-G2RV-H677

Vulnerability from github – Published: 2024-03-12 20:47 – Updated: 2024-03-13 22:25
VLAI
Summary
Session Token in URL in directus
Details

Impact

When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user.

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

There's no workaround available.

References

Are there any links users can visit to find out more?

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "directus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-598"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-12T20:47:18Z",
    "nvd_published_at": "2024-03-12T21:15:59Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nWhen reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user.\n\n### Patches\n\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n\nThere\u0027s no workaround available.\n\n### References\n\n_Are there any links users can visit to find out more?_\n",
  "id": "GHSA-2ccr-g2rv-h677",
  "modified": "2024-03-13T22:25:10Z",
  "published": "2024-03-12T20:47:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28238"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/directus/directus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Session Token in URL in directus"
}

GHSA-2G3Q-9HVF-4QGX

Vulnerability from github – Published: 2025-08-25 09:32 – Updated: 2025-08-25 09:32
VLAI
Details

An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-25T07:15:35Z",
    "severity": "MODERATE"
  },
  "details": "An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.",
  "id": "GHSA-2g3q-9hvf-4qgx",
  "modified": "2025-08-25T09:32:02Z",
  "published": "2025-08-25T09:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8997"
    },
    {
      "type": "WEB",
      "url": "https://portal.microfocus.com/s/article/KM000042482"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2QHM-4W63-5PPH

Vulnerability from github – Published: 2025-07-08 12:31 – Updated: 2025-07-08 12:31
VLAI
Details

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) V9.6 (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T11:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) V9.6 (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.",
  "id": "GHSA-2qhm-4w63-5pph",
  "modified": "2025-07-08T12:31:02Z",
  "published": "2025-07-08T12:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40742"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-904646.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-339W-6R43-VJH2

Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2025-06-12 15:31
VLAI
Details

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-12T14:15:31Z",
    "severity": "MODERATE"
  },
  "details": "The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.",
  "id": "GHSA-339w-6r43-vjh2",
  "modified": "2025-06-12T15:31:23Z",
  "published": "2025-06-12T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49188"
    },
    {
      "type": "WEB",
      "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37FX-2M8V-2X4J

Vulnerability from github – Published: 2023-08-03 18:30 – Updated: 2024-04-04 06:31
VLAI
Details

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user\u0027s address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n",
  "id": "GHSA-37fx-2m8v-2x4j",
  "modified": "2024-04-04T06:31:59Z",
  "published": "2023-08-03T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25524"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37PM-83G7-R22V

Vulnerability from github – Published: 2026-06-19 14:16 – Updated: 2026-06-19 14:16
VLAI
Summary
canto-saas-api: OAuth credentials exposed in URL query string and exception messages
Details

Summary

In affected versions, the OAuth2 token request sends app_id, app_secret, refresh_token and code as URL query parameters of the POST request to https://oauth.<domain>/oauth/api/oauth2/token. Request URLs are commonly recorded in access logs, proxy logs and APM traces, so the application secret and refresh token can be persisted in plain text outside the application's control.

In addition, when the token request fails, the Guzzle exception message — which contains the full request URI including the credentials — was passed unmodified into the AuthorizationFailedException thrown by OAuth2::obtainAccessToken(). Applications that log exceptions or forward them to error trackers (e.g. Sentry) may therefore have recorded the app secret in their logs.

## Impact

An attacker with access to web server logs, proxy logs, APM tracing data or application error logs of a consumer of this library can obtain the Canto app_secret, refresh_token or authorization code and use them to obtain access tokens for the Canto tenant.

## Patches

Fixed in 3.0.0:

  • OAuth credentials are sent in the form-encoded POST body instead of the URL query string (RFC 6749 §2.3.1). OAuth2Request::getQueryParams() now returns null; the parameters are available via getFormParams().
  • Exception messages are sanitized before being rethrown: the values of app_secret, refresh_token and code are masked (including url-encoded, differently cased and JSON-embedded variants).

## Workarounds

If you cannot upgrade:

  • Treat web server, proxy and APM logs of systems performing Canto OAuth requests as secret material and restrict access to them.
  • Catch AuthorizationFailedException in your application and strip the query string from the message before logging or forwarding it.

If your logs may have been exposed, rotate the affected Canto app secret.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "jleehr/canto-saas-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209",
      "CWE-598"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T14:16:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\n  In affected versions, the OAuth2 token request sends `app_id`, `app_secret`,\n  `refresh_token` and `code` as URL query parameters of the POST request to\n  `https://oauth.\u003cdomain\u003e/oauth/api/oauth2/token`. Request URLs are commonly\n  recorded in access logs, proxy logs and APM traces, so the application secret\n  and refresh token can be persisted in plain text outside the application\u0027s\n  control.\n\n  In addition, when the token request fails, the Guzzle exception message \u2014\n  which contains the full request URI including the credentials \u2014 was passed\n  unmodified into the `AuthorizationFailedException` thrown by\n  `OAuth2::obtainAccessToken()`. Applications that log exceptions or forward\n  them to error trackers (e.g. Sentry) may therefore have recorded the app\n  secret in their logs.\n\n  ## Impact\n\n  An attacker with access to web server logs, proxy logs, APM tracing data or\n  application error logs of a consumer of this library can obtain the Canto\n  `app_secret`, `refresh_token` or authorization `code` and use them to obtain\n  access tokens for the Canto tenant.\n\n  ## Patches\n\n  Fixed in 3.0.0:\n\n  - OAuth credentials are sent in the form-encoded POST body instead of the URL\n    query string (RFC 6749 \u00a72.3.1). `OAuth2Request::getQueryParams()` now\n    returns `null`; the parameters are available via `getFormParams()`.\n  - Exception messages are sanitized before being rethrown: the values of\n    `app_secret`, `refresh_token` and `code` are masked (including url-encoded,\n    differently cased and JSON-embedded variants).\n\n  ## Workarounds\n\n  If you cannot upgrade:\n\n  - Treat web server, proxy and APM logs of systems performing Canto OAuth\n    requests as secret material and restrict access to them.\n  - Catch `AuthorizationFailedException` in your application and strip the query\n    string from the message before logging or forwarding it.\n\n  If your logs may have been exposed, rotate the affected Canto app secret.",
  "id": "GHSA-37pm-83g7-r22v",
  "modified": "2026-06-19T14:16:41Z",
  "published": "2026-06-19T14:16:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jleehr/canto-saas-api/security/advisories/GHSA-37pm-83g7-r22v"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jleehr/canto-saas-api"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "canto-saas-api: OAuth credentials exposed in URL query string and exception messages"
}

GHSA-3GMG-V9XP-M3JG

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:30
VLAI
Details

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T17:15:12Z",
    "severity": "HIGH"
  },
  "details": "A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.",
  "id": "GHSA-3gmg-v9xp-m3jg",
  "modified": "2024-04-04T08:30:14Z",
  "published": "2023-10-10T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37935"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-120"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42H9-MR3G-6GC2

Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-23 21:31
VLAI
Details

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-20T17:25:55Z",
    "severity": "HIGH"
  },
  "details": "An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.",
  "id": "GHSA-42h9-mr3g-6gc2",
  "modified": "2026-02-23T21:31:23Z",
  "published": "2026-02-20T18:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26721"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26721"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CQV-CV9M-26Q8

Vulnerability from github – Published: 2024-06-26 21:32 – Updated: 2024-07-03 18:47
VLAI
Details

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-26T21:15:12Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.",
  "id": "GHSA-4cqv-cv9m-26q8",
  "modified": "2024-07-03T18:47:04Z",
  "published": "2024-06-26T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23766"
    },
    {
      "type": "WEB",
      "url": "https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4HF4-8437-8WG9

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32
VLAI
Details

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-598"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T20:16:19Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.",
  "id": "GHSA-4hf4-8437-8wg9",
  "modified": "2026-03-10T21:32:17Z",
  "published": "2026-03-10T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13219"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7263083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

When sending sensitive information, only include it in the request body or request headers instead of the query string. This may require avoiding use of GET requests.

No CAPEC attack patterns related to this CWE.