CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

CVE-2024-13953 (GCVE-0-2024-13953)

Vulnerability from cvelistv5 – Published: 2025-05-22 18:28 – Updated: 2025-05-22 18:40
Title
Sensitive Information disclosed in log files
Summary
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Information ('Privacy Violation')
Assigner
ABB
Impacted products
Vendor Product Version
ABB ASPECT-Enterprise Affected: 0 , ≤ 3.* (custom)
ABB NEXUS Series Affected: 0 , ≤ 3.* (custom)
ABB MATRIX Series Affected: 0 , ≤ 3.* (custom)
Credits
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T18:37:28.229118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T18:40:42.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Linux"
          ],
          "product": "ASPECT-Enterprise",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NEXUS Series",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "MATRIX Series",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised\u003cp\u003eThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.\u003c/p\u003e"
            }
          ],
          "value": "Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359 Exposure of Private Information (\u0027Privacy Violation\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T18:28:42.624Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Sensitive Information disclosed in log files",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-13953",
    "datePublished": "2025-05-22T18:28:42.624Z",
    "dateReserved": "2025-05-08T12:07:24.142Z",
    "dateUpdated": "2025-05-22T18:40:42.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26192 (GCVE-0-2024-26192)

Vulnerability from cvelistv5 – Published: 2024-02-23 22:16 – Updated: 2025-05-03 01:37
Title
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 122.0.2365.52 (custom)
Date Public
2024-02-23 08:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-25T15:17:41.819989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T20:56:09.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "122.0.2365.52",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "122.0.2365.52",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-23T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:37:21.079Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-26192",
    "datePublished": "2024-02-23T22:16:18.610Z",
    "dateReserved": "2024-02-14T22:23:54.100Z",
    "dateUpdated": "2025-05-03T01:37:21.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29888 (GCVE-0-2024-29888)

Vulnerability from cvelistv5 – Published: 2024-03-27 18:53 – Updated: 2024-08-02 01:17
Title
Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Summary
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.14.56, < 3.14.61
Affected: >= 3.15.31, < 3.15.37
Affected: >= 3.16.27, < 3.16.34
Affected: >= 3.17.25, < 3.17.32
Affected: >= 3.18.19, < 3.18.28
Affected: >= 3.19.5, < 3.19.15

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29888",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-27T19:54:53.329148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:18.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"
          },
          {
            "name": "https://github.com/saleor/saleor/pull/15694",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/pull/15694"
          },
          {
            "name": "https://github.com/saleor/saleor/pull/15697",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/pull/15697"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.14.56, \u003c 3.14.61"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.15.31, \u003c 3.15.37"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.16.27, \u003c 3.16.34"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.17.25, \u003c 3.17.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.18.19, \u003c 3.18.28"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.19.5, \u003c 3.19.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T18:53:44.698Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"
        },
        {
          "name": "https://github.com/saleor/saleor/pull/15694",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/pull/15694"
        },
        {
          "name": "https://github.com/saleor/saleor/pull/15697",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/pull/15697"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"
        }
      ],
      "source": {
        "advisory": "GHSA-mrj3-f2h4-7w45",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29888",
    "datePublished": "2024-03-27T18:53:44.698Z",
    "dateReserved": "2024-03-21T15:12:08.997Z",
    "dateUpdated": "2024-08-02T01:17:58.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29986 (GCVE-0-2024-29986)

Vulnerability from cvelistv5 – Published: 2024-04-18 18:59 – Updated: 2025-05-03 00:40
Title
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 124.0.2478.51 (custom)
microsoft edge_chromium Affected: - , < 124.0.2478.51 (custom)
    cpe:2.3:a:microsoft:edge_chromium:-:*:*:*:*:*:*:*
Date Public
2024-04-18 07:00

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microsoft:edge_chromium:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edge_chromium",
            "vendor": "microsoft",
            "versions": [
              {
                "lessThan": "124.0.2478.51",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:03:35.393145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:59.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:00.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "124.0.2478.51",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "124.0.2478.51",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-18T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:40:31.579Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986"
        }
      ],
      "title": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29986",
    "datePublished": "2024-04-18T18:59:26.836Z",
    "dateReserved": "2024-03-22T23:12:11.046Z",
    "dateUpdated": "2025-05-03T00:40:31.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29987 (GCVE-0-2024-29987)

Vulnerability from cvelistv5 – Published: 2024-04-18 18:59 – Updated: 2025-05-03 00:40
Title
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 124.0.2478.51 (custom)
Date Public
2024-04-18 07:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T19:02:40.326266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:47.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:00.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "124.0.2478.51",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "124.0.2478.51",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-18T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:40:30.968Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29987",
    "datePublished": "2024-04-18T18:59:27.406Z",
    "dateReserved": "2024-03-22T23:12:11.047Z",
    "dateUpdated": "2025-05-03T00:40:30.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30056 (GCVE-0-2024-30056)

Vulnerability from cvelistv5 – Published: 2024-05-25 17:12 – Updated: 2025-05-03 00:06
Title
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 124.0.2478.109 (custom)
Date Public
2024-05-16 07:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-26T13:50:19.531438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:39:03.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:02.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "124.0.2478.109",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "124.0.2478.109",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-05-16T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:06:36.573Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30056"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-30056",
    "datePublished": "2024-05-25T17:12:50.384Z",
    "dateReserved": "2024-03-22T23:12:14.564Z",
    "dateUpdated": "2025-05-03T00:06:36.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30321 (GCVE-0-2024-30321)

Vulnerability from cvelistv5 – Published: 2024-07-09 12:04 – Updated: 2025-08-27 20:42
Summary
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC PCS 7 V9.1 Affected: 0 , < V9.1 SP2 UC05 (custom)
Siemens SIMATIC WinCC Runtime Professional V18 Affected: 0 , < V18 Update 5 (custom)
Siemens SIMATIC WinCC Runtime Professional V19 Affected: 0 , < V19 Update 2 (custom)
Siemens SIMATIC WinCC V7.4 Affected: 0 , < V7.4 SP1 Update 23 (custom)
Siemens SIMATIC WinCC V7.5 Affected: 0 , < V7.5 SP2 Update 17 (custom)
Siemens SIMATIC WinCC V8.0 Affected: 0 , < V8.0 Update 5 (custom)
siemens simatic_pcs_7 Affected: 9.1 , < 10 (custom)
    cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
siemens simatic_wincc Affected: 7.4 , < 7.4_sp1_update_23 (custom)
Affected: 7.5 , < 7.5_sp2_update_17 (custom)
Affected: 8.0 , < 8.0_update_5 (custom)
    cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
siemens simatic_wincc_runtime_professional Affected: 18 , < 19 (custom)
Affected: 19 , < 19_update_2 (custom)
    cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:32:07.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_pcs_7",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "10",
                "status": "affected",
                "version": "9.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "7.4_sp1_update_23",
                "status": "affected",
                "version": "7.4",
                "versionType": "custom"
              },
              {
                "lessThan": "7.5_sp2_update_17",
                "status": "affected",
                "version": "7.5",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0_update_5",
                "status": "affected",
                "version": "8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "7.4_sp1_update_23",
                "status": "affected",
                "version": "7.4",
                "versionType": "custom"
              },
              {
                "lessThan": "7.5_sp2_update_17",
                "status": "affected",
                "version": "7.5",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0_update_5",
                "status": "affected",
                "version": "8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "7.4_sp1_update_23",
                "status": "affected",
                "version": "7.4",
                "versionType": "custom"
              },
              {
                "lessThan": "7.5_sp2_update_17",
                "status": "affected",
                "version": "7.5",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0_update_5",
                "status": "affected",
                "version": "8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc_runtime_professional",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "19",
                "status": "affected",
                "version": "18",
                "versionType": "custom"
              },
              {
                "lessThan": "19_update_2",
                "status": "affected",
                "version": "19",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc_runtime_professional",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "19",
                "status": "affected",
                "version": "18",
                "versionType": "custom"
              },
              {
                "lessThan": "19_update_2",
                "status": "affected",
                "version": "19",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T16:20:35.487955Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:53.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.1 SP2 UC05",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Professional V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Professional V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.4 SP1 Update 23",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.5 SP2 Update 17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V8.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions \u003c V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions \u003c V19 Update 2), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions \u003c V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T12:49:28.352Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-30321",
    "datePublished": "2024-07-09T12:04:43.997Z",
    "dateReserved": "2024-03-26T16:42:16.797Z",
    "dateUpdated": "2025-08-27T20:42:53.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37136 (GCVE-0-2024-37136)

Vulnerability from cvelistv5 – Published: 2024-09-03 05:42 – Updated: 2024-09-04 08:45
Summary
Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Dell Path to Power Affected: 1.1,1.2
Date Public
2024-09-03 05:30

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T13:30:55.682516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T13:31:45.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Path to Power",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "1.1,1.2"
            }
          ]
        }
      ],
      "datePublic": "2024-09-03T05:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure."
            }
          ],
          "value": "Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T08:45:27.261Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227430/dsa-2024-291-security-update-for-dell-path-to-powerprotect-for-security-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-37136",
    "datePublished": "2024-09-03T05:42:17.136Z",
    "dateReserved": "2024-06-03T12:10:32.205Z",
    "dateUpdated": "2024-09-04T08:45:27.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37533 (GCVE-0-2024-37533)

Vulnerability from cvelistv5 – Published: 2024-07-24 17:05 – Updated: 2024-08-02 03:57
Title
IBM InfoSphere Information Server information disclosure
Summary
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Information ('Privacy Violation')
Assigner
ibm
Impacted products
Vendor Product Version
IBM InfoSphere Information Server Affected: 11.7
    cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T17:50:13.285042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:50:20.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:57:39.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7159173"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294727"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "InfoSphere Information Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine.  IBM X-Force ID:  294727."
            }
          ],
          "value": "IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine.  IBM X-Force ID:  294727."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359 Exposure of Private Information (\u0027Privacy Violation\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-24T17:05:56.222Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7159173"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294727"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM InfoSphere Information Server information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-37533",
    "datePublished": "2024-07-24T17:05:56.222Z",
    "dateReserved": "2024-06-09T13:59:02.608Z",
    "dateUpdated": "2024-08-02T03:57:39.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38103 (GCVE-0-2024-38103)

Vulnerability from cvelistv5 – Published: 2024-07-25 21:33 – Updated: 2025-12-09 23:47
Title
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 127.0.2651.74 (custom)
Date Public
2024-07-25 07:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T13:00:31.741547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:43:28.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "127.0.2651.74",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "127.0.2651.74",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-07-25T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T23:47:48.065Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-38103",
    "datePublished": "2024-07-25T21:33:26.843Z",
    "dateReserved": "2024-06-11T22:36:08.184Z",
    "dateUpdated": "2025-12-09T23:47:48.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phase: Requirements

Description:

  • Identify and consult all relevant regulations for personal privacy. An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles. Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability and Accountability Act (HIPAA) [REF-342], General Data Protection Regulation (GDPR) [REF-1047], California Consumer Privacy Act (CCPA) [REF-1048], and others.

Mitigation

Phase: Architecture and Design

Description:

  • Carefully evaluate how secure design may interfere with privacy, and vice versa. Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which private data can be handled unsafely, a common risk stems from misplaced trust. Programmers often trust the operating environment in which a program runs, and therefore believe that it is acceptable to store private information on the file system, in the registry, or in other locally-controlled resources. However, even if access to certain resources is restricted, this does not guarantee that the individuals who do have access can be trusted.

Mitigation ID: MIT-57

Phases: Implementation, Operation

Strategy: Attack Surface Reduction

Description:

  • Some tools can automatically analyze documents to redact, strip, or "sanitize" private information, although some human review might be necessary. Tools may vary in terms of which document formats can be processed.
  • When calling an external program to automatically generate or convert documents, invoke the program with any available options that avoid generating sensitive metadata. Some formats have well-defined fields that could contain private data, such as Exchangeable image file format (Exif), which can contain potentially sensitive metadata such as geolocation, date, and time [REF-1515] [REF-1516].

CAPEC-464: Evercookie

An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim's machine in over ten places. When the victim clears the cookie cache via traditional means inside the browser, that operation removes the cookie from certain places but not others. The malicious code then replicates the cookie from all of the places where it was not deleted to all of the possible storage locations once again. So the victim again has the cookie in all of the original storage locations. In other words, failure to delete the cookie in even one location will result in the cookie's resurrection everywhere. The evercookie will also persist across different browsers because certain stores (e.g., Local Shared Objects) are shared between different browsers.

CAPEC-467: Cross Site Identification

An attacker harvests identifying information about a victim via an active session that the victim's browser has with a social networking site. A victim may have the social networking site open in one tab or perhaps is simply using the "remember me" feature to keep their session with the social networking site active. An attacker induces a payload to execute in the victim's browser that, transparently to the victim, initiates a request to the social networking site (e.g., via available social network site APIs) to retrieve identifying information about the victim. While some of this information may be public, the attacker is able to harvest this information in context and may use it for further attacks on the user (e.g., spear phishing).

CAPEC-498: Probe iOS Screenshots

An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. This attack targets temporary screenshots created by the underlying OS while the application remains open in the background.

CAPEC-508: Shoulder Surfing

In a shoulder surfing attack, an adversary observes an unaware individual's keystrokes, screen content, or conversations with the goal of obtaining sensitive information. One motive for this attack is to obtain sensitive information about the target for financial, personal, political, or other gains. From an insider threat perspective, an additional motive could be to obtain system/application credentials or cryptographic keys. Shoulder surfing attacks are accomplished by observing the content "over the victim's shoulder", as implied by the name of this attack.
