CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Official CWE-497 definition at MITREImpactr finds and proves weaknesses like CWE-497 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist