CWE-668— Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.— MITRE CWE catalog
1,109 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-668page 19 of 23
- CVE-2023-30960MEDIUMCVSS 4.3EG 4.32023-07-10
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was roll…
- CVE-2023-31014MEDIUMCVSS 4.2EG 4.22023-09-20
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnera…
- CVE-2023-31103HIGHCVSS 7.5EG 7.52023-05-22
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are …
- CVE-2023-31206HIGHCVSS 7.5EG 7.52023-05-22
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advi…
- CVE-2023-31818HIGHCVSS 7.5EG 7.52023-07-11
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
- CVE-2023-32016MEDIUMCVSS 5.5EG 5.52023-06-14
Windows Installer Information Disclosure Vulnerability
- CVE-2023-32019MEDIUMCVSS 4.7EG 4.72023-06-14
Windows Kernel Information Disclosure Vulnerability
- CVE-2023-32275MEDIUMCVSS 5.5EG 5.52023-10-12
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets…
- CVE-2023-32394LOWCVSS 2.4EG 2.42023-06-23
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock scre…
- CVE-2023-32550CRITICALCVSS 9.3EG 9.32023-06-06
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
- CVE-2023-32613HIGHCVSS 8.1EG 8.12023-06-30
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
- CVE-2023-3270HIGHCVSS 8.6EG 8.62023-07-10
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
- CVE-2023-32759HIGHCVSS 7.5EG 7.52023-07-14
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.
- CVE-2023-32760HIGHCVSS 7.7EG 7.72023-07-14
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.
- CVE-2023-3299LOWCVSS 3.4EG 3.42023-07-20
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
- CVE-2023-33293MEDIUMCVSS 5.3EG 5.32023-05-22
An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-…
- CVE-2023-33368MEDIUMCVSS 6.5EG 6.52023-08-03
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
- CVE-2023-33510HIGHCVSS 7.5EG 7.52023-06-07
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
- CVE-2023-33518MEDIUMCVSS 5.3EG 5.32023-06-05
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.
- CVE-2023-34114HIGHCVSS 7.4EG 7.42023-06-13
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.
- CVE-2023-34119HIGHCVSS 8.2EG 8.22023-07-11
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34189MEDIUMCVSS 6.5EG 6.52023-07-25
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only th…
- CVE-2023-34250MEDIUMCVSS 4.8EG 4.82023-06-13
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number …
- CVE-2023-34467HIGHCVSS 7.5EG 7.52023-06-23
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end u…
- CVE-2023-3455CRITICALCVSS 9.1EG 9.12023-07-05
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
- CVE-2023-3456MEDIUMCVSS 5.3EG 5.32023-07-06
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2023-34725MEDIUMCVSS 6.8EG 6.82023-08-28
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
- CVE-2023-35013LOWCVSS 2.3EG 2.32023-10-16
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
- CVE-2023-35151HIGHCVSS 7.5EG 7.52023-06-23
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activat…
- CVE-2023-35696HIGHCVSS 7.5EG 7.52023-07-10
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
- CVE-2023-36013MEDIUMCVSS 6.5EG 6.52023-11-20
PowerShell Information Disclosure Vulnerability
- CVE-2023-36043MEDIUMCVSS 6.5EG 6.52023-11-14
Open Management Infrastructure Information Disclosure Vulnerability
- CVE-2023-36429MEDIUMCVSS 6.5EG 6.52023-10-10
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
- CVE-2023-36596HIGHCVSS 7.5EG 6.52023-10-10
Remote Procedure Call Information Disclosure Vulnerability
- CVE-2023-3670HIGHCVSS 7.3EG 7.32023-07-28
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts tha…
- CVE-2023-36761MEDIUMCVSS 6.5EG 9.0⚠ KEV2023-09-12
Microsoft Word Information Disclosure Vulnerability
- CVE-2023-37599HIGHCVSS 7.5EG 9.02023-07-13
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
- CVE-2023-37645MEDIUMCVSS 5.3EG 5.32023-07-20
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
- CVE-2023-37911MEDIUMCVSS 6.5EG 6.52023-10-25
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possi…
- CVE-2023-38152MEDIUMCVSS 5.3EG 5.32023-09-12
DHCP Server Service Information Disclosure Vulnerability
- CVE-2023-38160MEDIUMCVSS 5.5EG 5.52023-09-12
Windows TCP/IP Information Disclosure Vulnerability
- CVE-2023-38558MEDIUMCVSS 5.5EG 5.52023-09-14
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attack…
- CVE-2023-38830HIGHCVSS 7.5EG 7.52023-08-10
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
- CVE-2023-38955HIGHCVSS 7.5EG 7.52023-08-03
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
- CVE-2023-38994HIGHCVSS 7.9EG 7.92023-10-31
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privile…
- CVE-2023-39039MEDIUMCVSS 6.5EG 6.52023-09-18
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
- CVE-2023-39040MEDIUMCVSS 6.5EG 6.52023-09-18
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
- CVE-2023-39043MEDIUMCVSS 6.5EG 6.52023-09-18
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
- CVE-2023-39046MEDIUMCVSS 6.5EG 6.52023-09-18
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
- CVE-2023-39049MEDIUMCVSS 6.5EG 6.52023-09-18
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Map vulnerabilities like CWE-668 to your infrastructure
EchelonGraph correlates every CVE — across CWE-668 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →