Skip to main content

CWE-528

Exposure of Core Dump File to an Unauthorized Control Sphere

2 CVEs Avg CVSS 5.0 MITRE
0
CRITICAL
0
HIGH
2
MEDIUM
0
LOW
0
POC
1
KEV

Monthly

CVE-2025-48928 MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.0
EPSS
8.3%
CVE-2024-10403 MEDIUM This Month

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 4.0
5.9
EPSS
0.6%
EPSS 8% CVSS 4.0
MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Telemessage
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy