Vulnerabilities (CVE)

Filtered by CWE-525
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45314 1 Dpgaspar 1 Flask App Builder 2024-09-12 N/A 5.5 MEDIUM
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.
CVE-2024-22333 1 Ibm 2 Maximo Application Suite, Maximo Asset Management 2024-08-24 N/A 3.3 LOW
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.
CVE-2022-38383 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-08-01 N/A 3.3 LOW
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.
CVE-2024-30130 2024-07-19 N/A 3.7 LOW
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
CVE-2024-25142 2024-06-17 N/A N/A
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.  Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.
CVE-2022-43841 2024-05-30 N/A 4.0 MEDIUM
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.
CVE-2024-22343 2024-05-14 N/A 4.0 MEDIUM
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.
CVE-2023-46181 1 Ibm 1 Sterling Secure Proxy 2024-03-19 N/A 3.3 LOW
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.
CVE-2023-27545 2024-02-29 N/A 4.0 MEDIUM
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.
CVE-2021-42015 1 Mendix 1 Mendix 2024-02-28 1.9 LOW 5.5 MEDIUM
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.