CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-M95M-2XC3-P525
Vulnerability from github – Published: 2021-12-01 00:00 – Updated: 2022-08-10 00:00Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means.
{
"affected": [],
"aliases": [
"CVE-2021-42116"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-30T12:15:00Z",
"severity": "MODERATE"
},
"details": "Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH\u00e2\u20ac\u2122s TopEase\u00c2\u00ae Platform Version \u003c= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means.",
"id": "GHSA-m95m-2xc3-p525",
"modified": "2022-08-10T00:00:23Z",
"published": "2021-12-01T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42116"
},
{
"type": "WEB",
"url": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC25-V4MW-CVR9
Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2022-07-13 00:01Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-39980"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T22:15:00Z",
"severity": "MODERATE"
},
"details": "Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.",
"id": "GHSA-mc25-v4mw-cvr9",
"modified": "2022-07-13T00:01:39Z",
"published": "2022-01-04T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39980"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC5P-GX9G-CGP5
Vulnerability from github – Published: 2022-05-11 00:00 – Updated: 2025-01-02 21:31Windows Server Service Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-26936"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-10T21:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Server Service Information Disclosure Vulnerability.",
"id": "GHSA-mc5p-gx9g-cgp5",
"modified": "2025-01-02T21:31:33Z",
"published": "2022-05-11T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26936"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC7V-26CQ-J49V
Vulnerability from github – Published: 2021-12-16 00:02 – Updated: 2022-05-24 00:00Windows Common Log File System Driver Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-43224"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T15:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Common Log File System Driver Information Disclosure Vulnerability",
"id": "GHSA-mc7v-26cq-j49v",
"modified": "2022-05-24T00:00:46Z",
"published": "2021-12-16T00:02:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43224"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43224"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC9M-F6J8-4J47
Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.
{
"affected": [],
"aliases": [
"CVE-2023-44102"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-11T12:15:11Z",
"severity": "MODERATE"
},
"details": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.",
"id": "GHSA-mc9m-f6j8-4j47",
"modified": "2024-04-04T08:33:49Z",
"published": "2023-10-11T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44102"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MCRX-HFRQ-XQ94
Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-08 00:00Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
{
"affected": [],
"aliases": [
"CVE-2022-39857"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-07T15:15:00Z",
"severity": "MODERATE"
},
"details": "Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.",
"id": "GHSA-mcrx-hfrq-xq94",
"modified": "2022-10-08T00:00:17Z",
"published": "2022-10-07T18:15:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39857"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MFW9-VJXF-GVR8
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-21528"
],
"database_specific": {
"cwe_ids": [
"CWE-1327",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:35Z",
"severity": "MODERATE"
},
"details": "Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-mfw9-vjxf-gvr8",
"modified": "2026-02-10T18:30:42Z",
"published": "2026-02-10T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21528"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MG9R-PCRH-RR7F
Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.
{
"affected": [],
"aliases": [
"CVE-2023-32759"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-14T18:15:09Z",
"severity": "MODERATE"
},
"details": "An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.",
"id": "GHSA-mg9r-pcrh-rr7f",
"modified": "2024-04-04T06:08:42Z",
"published": "2023-07-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32759"
},
{
"type": "WEB",
"url": "https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821"
},
{
"type": "WEB",
"url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGG2-P2X6-83VP
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-07-13 00:01This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.
{
"affected": [],
"aliases": [
"CVE-2021-30828"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T14:15:00Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.",
"id": "GHSA-mgg2-p2x6-83vp",
"modified": "2022-07-13T00:01:24Z",
"published": "2022-05-24T19:17:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30828"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212804"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212805"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH3F-2XWC-5R5J
Vulnerability from github – Published: 2023-06-14 00:30 – Updated: 2024-04-04 04:48Windows Kernel Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-32019"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-14T00:15:11Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Information Disclosure Vulnerability",
"id": "GHSA-mh3f-2xwc-5r5j",
"modified": "2024-04-04T04:48:58Z",
"published": "2023-06-14T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32019"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173310/Windows-Kernel-KTM-Registry-Transactions-Non-Atomic-Outcomes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.