CVEbaza.plSłownik CWECWE-528
Common Weakness Enumeration

CWE-528

Exposure of Core Dump File to an Unauthorized Control Sphere

Kategoria: VariantCVE: 2
Opis

Produkt generuje plik zrzutu pamięci (core dump) w katalogu, archiwum lub innym zasobie, który jest przechowywany, przesyłany lub w inny sposób udostępniany nieuprawnionym użytkownikom. Stanowi to zagrożenie bezpieczeństwa, ponieważ takie pliki mogą zawierać wrażliwe dane z pamięci procesu.

Description (EN)

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

Podatności CVE z CWE-528 (2)
5.9
CVSS
MEDIUM
CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

pub. 2024-11-21
4.0
CVSS
MEDIUM
CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

pub. 2025-05-28🚩 CISA KEV⚡ EXPLOIT
Informacje
ID: CWE-528
Typ: Variant
Podatności: 2
MITRE CWE ↗
← Słownik CWE