Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-8M3P-XV8V-VGP2

Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2022-07-13 00:01
VLAI
Details

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties\u0026config=filemanager.config.js.",
  "id": "GHSA-8m3p-xv8v-vgp2",
  "modified": "2022-07-13T00:01:40Z",
  "published": "2022-05-24T22:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40639"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jflyfox/jfinal_cms/issues/27"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jflyfox/jfinal_cms"
    },
    {
      "type": "WEB",
      "url": "http://jfinalcms.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M6G-GH88-8293

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01
VLAI
Details

Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42323.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-10T01:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42323.",
  "id": "GHSA-8m6g-gh88-8293",
  "modified": "2022-07-13T00:01:42Z",
  "published": "2022-05-24T19:20:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42301"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42301"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M9F-86MH-W32Q

Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-01T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.",
  "id": "GHSA-8m9f-86mh-w32q",
  "modified": "2022-08-05T00:00:25Z",
  "published": "2022-08-02T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22334"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219391"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6608550"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MM2-M2GP-C6X2

Vulnerability from github – Published: 2023-11-09 21:30 – Updated: 2023-11-17 21:57
VLAI
Summary
Moodle Improper Access Control vulnerability
Details

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.0-rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-5542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-10T00:40:49Z",
    "nvd_published_at": "2023-11-09T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Students in \"Only see own membership\" groups could see other students in the group, which should be hidden.",
  "id": "GHSA-8mm2-m2gp-c6x2",
  "modified": "2023-11-17T21:57:45Z",
  "published": "2023-11-09T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451583"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79213"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle Improper Access Control vulnerability"
}

GHSA-8MP4-2M2J-25XX

Vulnerability from github – Published: 2021-11-20 00:00 – Updated: 2026-04-02 15:31
VLAI
Details

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-19T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.",
  "id": "GHSA-8mp4-2m2j-25xx",
  "modified": "2026-04-02T15:31:34Z",
  "published": "2021-11-20T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42744"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
    },
    {
      "type": "WEB",
      "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8MQ9-RQPM-7C34

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-25 00:00
VLAI
Details

Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an attack should be limited whenever possible.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an attack should be limited whenever possible.",
  "id": "GHSA-8mq9-rqpm-7c34",
  "modified": "2022-05-25T00:00:24Z",
  "published": "2022-05-13T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27769"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097430"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QVV-QWJG-P4QV

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00
VLAI
Details

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.",
  "id": "GHSA-8qvv-qwjg-p4qv",
  "modified": "2022-10-12T12:00:30Z",
  "published": "2022-10-07T18:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39871"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8R5P-3W3P-M2RH

Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained.",
  "id": "GHSA-8r5p-3w3p-m2rh",
  "modified": "2023-08-08T15:31:37Z",
  "published": "2022-02-08T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44746"
    },
    {
      "type": "WEB",
      "url": "https://www.necplatforms.co.jp/en/product/security_adv/211217.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8RG8-WFMH-W9W9

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01
VLAI
Details

Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-668",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T22:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.",
  "id": "GHSA-8rg8-wfmh-w9w9",
  "modified": "2022-11-10T19:01:10Z",
  "published": "2022-11-10T12:01:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39886"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8W9Q-27HJ-CVGR

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.",
  "id": "GHSA-8w9q-27hj-cvgr",
  "modified": "2022-07-13T00:01:39Z",
  "published": "2022-01-04T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39972"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.