1. Home
  2. CVE Database
  3. CVE-2024-12564
NONE · 0

CVE-2024-12564

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthor...

Vulnerability Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.

Related Weaknesses (CWE)

CWE-732CWE-200CWE-276

References

FAQ

What is CVE-2024-12564?

CVE-2024-12564 is a documented vulnerability. Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthor...

How severe is CVE-2024-12564?

CVSS scoring is not yet available for CVE-2024-12564. Check NVD for updates.

Is there a patch for CVE-2024-12564?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.