Information disclosure in Open Design Alliance Cde Inweb Sdk
CVE-2024-12564
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics…
Vulnerability class: Information Disclosure
EPSS: 0.006 (45.8th percentile) — read the EPSS interpretation.
Affected products
- Open Design Alliance Cde Inweb Sdk — versions 0