CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-39167 MEDIUM
IBM Spectrum Virtualize 7.8-8.5 - Exposure of Sensitive Information via Man-in-the-Middle
CVSS 5.9
CVE-2022-45925 HIGH
OpenText Extended ECM 16.2.2-22.3 - Information Disclosure via xmlexport requestContext Parameter
CVSS 7.5
CVE-2022-45103 MEDIUM
Dell Unisphere for PowerMax vApp 9.2.3.x - Unauthenticated Arbitrary File Read
CVSS 6.5
CVE-2022-2907 MEDIUM
GitLab 12.9-15.1.5, 15.2-15.2.3, 15.3-15.3.1 - Unauthenticated Repository Content Exposure via Crafted Link
CVSS 5.7
CVE-2022-41859 HIGH
FreeRADIUS < 3.0.0 - Insufficiently Protected Credentials via EAP-PWD Password Element
CVSS 7.5
CVE-2022-3091 HIGH
RONDS EPM <1.19.5 - Privilege Escalation
CVSS 7.5
CVE-2022-48258 MEDIUM
Eternal Terminal 6.2.1 - Unauthorized Sensitive Information Exposure via World-Readable Logfiles
CVSS 5.3
CVE-2022-46371 MEDIUM
Alotcer AR7088H-A <16.10.3 - Info Disclosure
CVSS 5.3
CVE-2022-3870 MEDIUM
GitLab CE/EE <15.5.7-15.6.4-15.7.2 - Info Disclosure
CVSS 5.3
CVE-2022-4457 MEDIUM
Cloudflare WARP < 6.20 - Exposure of Sensitive Information via Task Hijacking
CVSS 5.5
CVE-2022-4543 MEDIUM
Linux Kernel - KASLR Base Leak via EntryBleed TLB Prefetch Side-Channel
CVSS 5.5
CVE-2022-4415 MEDIUM
systemd 246-252 - Local Information Disclosure via systemd-coredump
CVSS 5.5
CVE-2022-0553 MEDIUM
Zephyr < 3.0.0 - Cleartext Transmission of Sensitive Information via Unencrypted Firmware Upload
CVSS 6.5
CVE-2022-46163 HIGH
Travel support program <patched - Info Disclosure
CVSS 7.5
CVE-2022-45167 MEDIUM
Archibus Web Central 2022.03.01.107 - Unauthorized Exposure of User Profile Information
CVSS 4.3
CVE-2022-23509 HIGH
Weave GitOps < 0.12.0 - Cleartext Transmission of Sensitive Information via Local S3 Bucket
CVSS 7.3
CVE-2022-42979 HIGH
RYDE 5.8.43 - Account Takeover via Deep Link Hostname Validation Bypass
CVSS 8.8
CVE-2022-23546 MEDIUM
Discourse < 2.9.0 - Unauthorized Exposure of Sensitive Information via Malicious URL Embedding
CVSS 5.5
CVE-2022-43573 LOW
IBM Robotic Process Automation <21.0.6 - Info Disclosure
CVSS 3.1
CVE-2022-4869 LOW
Evolution Events Artaxerxes - Info Disclosure
CVSS 3.5
CVE-2022-43540 MEDIUM
ClearPass OnGuard macOS - Info Disclosure
CVSS 5.5
CVE-2022-43539 MEDIUM
Aruba ClearPass Policy Manager <6.10.7, <6.9.12 - Info Disclosure
CVSS 5.7
CVE-2022-22337 MEDIUM
IBM Sterling B2B Integrator <6.1.2.1 - Info Disclosure
CVSS 4.3
CVE-2022-46081 HIGH
Garmin Connect 4.61 - Info Disclosure
CVSS 7.5
CVE-2022-3460 HIGH
Octopus Server 2018.1.0-2022.3.10750 - Sensitive Information Exposure in Variable Preview
CVSS 7.5