CWE-612

Total CVEs
6
Vulnerabilities
Avg CVSS v3
6.6
Medium
Avg CVSS v2
5.5
Medium
Latest CVE
2024
Most Recent

Severity Distribution

Critical 0
0%
High 2
33.3%
Medium 3
50%
Low 1
16.7%

External References

MITRE CWE
Official CWE definition
NIST NVD
Search CVEs by CWE

All CVEs (6)

Page 1 of 1

CVE-2024-25635

HIGH
CVSS:8.8(High)

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26...

CWE-6122024

CVE-2022-35980

HIGH
CVSS:7.5(High)

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure v...

CWE-6122022

CVE-2024-49071

MEDIUM
CVSS:6.5(Medium)

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.

CWE-6122024

CVE-2023-4560

MEDIUM
CVSS:6.5(Medium)

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CWE-6122023

CVE-2022-41918

MEDIUM
CVSS:6.3(Medium)

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level sec...

CWE-6122022

CVE-2022-22565

LOW
CVSS:3.8(Low)

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerabil...

CWE-6122022