Information disclosure in Open Design Alliance Cde Inweb Sdk

CVE-2024-12564

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics…

Vulnerability class: Information Disclosure

EPSS: 0.006 (45.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References