CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-21449 MEDIUM
Samsung Android Call Application - Exposure of Sensitive Information via Improper Access Control
CVSS 4.0
CVE-2023-25680 MEDIUM
IBM Robotic Process Automation 21.0.1-21.0.5 - Exposure of Sensitive Information in Queue Provider Credentials
CVSS 4.2
CVE-2023-22876 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.7 and 6.1.0.0-6.1.2.1 - Authenticated Exposure of Sensitive Information
CVSS 4.3
CVE-2023-24923 MEDIUM
Microsoft OneDrive < - Info Disclosure
CVSS 5.5
CVE-2023-24882 MEDIUM
Microsoft OneDrive for Android - Info Disclosure
CVSS 5.5
CVE-2023-27894 MEDIUM
SAP BusinessObjects BI Platform 420, 430 - Information Disclosure via CMS Injection
CVSS 5.0
CVE-2023-23327 MEDIUM
AvantFAX 3.3.7 - Unauthenticated Exposure of Sensitive Information via Backup Files
CVSS 4.9
CVE-2023-1203 MEDIUM
Devolutions Remote Desktop Manager < 2022.3.1.6 - Authenticated Sensitive Data Exposure in Hub Business Entry Edit
CVSS 6.5
CVE-2023-1263 MEDIUM
CMP - Coming Soon & Maintenance < 4.1.6 - Unauthenticated Information Exposure via cmp_get_post_detail Function
CVSS 5.3
CVE-2023-27481 MEDIUM
Directus < 9.16.0 - Exposure of Sensitive Information via Password Hash Enumeration
CVSS 4.3
CVE-2023-27478 MEDIUM
libmemcached 1.0.18-<1.1.4 - Exposure of Sensitive Information via Timeout Handling
CVSS 6.5
CVE-2023-23776 MEDIUM
FortiAnalyzer 6.4.0-6.4.10, 7.0.0-7.0.4, 7.2.0-7.2.1 - Sensitive Info Exposure via Heartbeat
CVSS 4.6
CVE-2023-22847 MEDIUM
pg_ivm < 1.5.1 - Unauthorized Information Disclosure via Row-Level Security Bypass
CVSS 4.3
CVE-2023-26054 MEDIUM
BuildKit 0.11.0-0.11.3 - Exposure of Sensitive Information via Git Credentials in Provenance Attestation
CVSS 6.5
CVE-2023-25169 LOW
discourse_yearly_review < 0.2 - Exposure of Sensitive Information via Incomplete Anonymization
CVSS 3.1
CVE-2023-26108 LOW
@nestjs/core < 9.0.5 - Info Disclosure
CVSS 3.7
CVE-2023-25819 MEDIUM
Discourse tests-passed and beta branches >= 3.1.0.beta2 - Exposure of Private Personal Information via Metadata
CVSS 5.3
CVE-2023-20062 MEDIUM
Cisco Unified Intelligence Center - SSRF
CVSS 6.5
CVE-2023-20061 MEDIUM
Cisco Unified Intelligence Center - SSRF
CVSS 6.5
CVE-2023-26476 HIGH
XWiki Platform < 14.7-rc-1, < 13.4.4, < 13.10.9 - Info Disclosure
CVSS 7.5
CVE-2023-25536 MEDIUM
Dell PowerScale OneFS 9.4.0.0-9.4.0.10 - Authenticated Exposure of Sensitive Information in Certificate Management
CVSS 6.7
CVE-2023-25544 HIGH
Dell NetWorker < 19.6 - Apache Tomcat Version Disclosure
CVSS 7.5
CVE-2023-24567 HIGH
Dell NetWorker < 19.5 - Info Disclosure
CVSS 7.5
CVE-2023-1055 MEDIUM
Red Hat Directory Server 11 and 12 - Sensitive Information Disclosure via UserPassword Attribute Misdirection
CVSS 5.5
CVE-2023-23511 MEDIUM
iPadOS < 16.3 - Unauthorized Exposure of Sensitive Information via Privacy Preference Bypass
CVSS 5.5