CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Latest vulnerabilities for CWE-497

Information disclosure in Assured Telematics Fleet Management System 2025-05-27
High Yes

Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows 2025-05-13
Low Yes

Multiple vulnerabilities in INFINITT Healthcare INFINITT PACS 2025-05-06
High Yes

Information disclosure in Vestel AC Charger EVC04 2025-04-25
High Yes

Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Control Center 2025-04-23
Low Yes

Information disclosure in Gnome Yelp 2025-04-23
Medium No

Information disclosure in cifs-utils 2025-04-22
Low Yes

Multiple vulnerabilities in Google Android 2025-04-07
High Yes

Multiple vulnerabilities in Qualcomm chipsets 2025-04-07
High Yes

Multiple vulnerabilities in Inaba Denki Sangyo products 2025-04-07
High Yes

References

Description of CWE-497 on Mitre website