CVEbaza.plCWE DictionaryCWE-528
Common Weakness Enumeration

CWE-528

Exposure of Core Dump File to an Unauthorized Control Sphere

Category: VariantCVE: 2
Description

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

CVE vulnerabilities with CWE-528 (2)
5.9
CVSS
MEDIUM
CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

pub. 2024-11-21
4.0
CVSS
MEDIUM
CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

pub. 2025-05-28🚩 CISA KEV⚡ EXPLOIT
Information
ID: CWE-528
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary