CWE-37

6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-37page 1 of 1

CVE-2018-10498MEDIUMCVSS 5.5EG 5.5
2018-09-24
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target sys…
CVE-2022-20962LOWCVSS 3.8EG 8.8
2022-11-04
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due t…
CVE-2022-25347CRITICALCVSS 9.8EG 7.5
2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
CVE-2023-20077MEDIUMCVSS 4.9EG 4.9
2023-05-18
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabiliti…
CVE-2023-20087MEDIUMCVSS 4.9EG 4.9
2023-05-18
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabiliti…
CVE-2024-12806MEDIUMCVSS 4.9EG 7.5
2025-01-09
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

Map vulnerabilities like CWE-37 to your infrastructure

EchelonGraph correlates every CVE — across CWE-37 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →