CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-20497 MEDIUM
Android - Local Information Disclosure via Lockscreen Notification State Transition
CVSS 4.6
CVE-2022-37930 MEDIUM
HPE Nimble Storage Hybrid Flash Arrays and Secondary Flash Arrays < 5.2.1.900 - Local Sensitive Information Exposure
CVSS 6.7
CVE-2022-37909 MEDIUM
Aruba SD-WAN 8.7.0.0-2.3.0.5 & ArubaOS 6.5.4.0-6.5.4.21 - Sensitive Information Exposure via ESSID
CVSS 5.3
CVE-2022-23497 MEDIUM
FreshRSS 1.18.0-1.20.1 - Unauthenticated Exposure of Sensitive Information via Configuration File Access
CVSS 6.5
CVE-2022-46158 MEDIUM
PrestaShop <1.7.8.8 - Info Disclosure
CVSS 5.3
CVE-2022-23469 LOW
Traefik < 2.9.6 - Sensitive Information Disclosure in Debug Logs
CVSS 3.5
CVE-2022-46825 MEDIUM
JetBrains IntelliJ IDEA <2022.3 - Info Disclosure
CVSS 4.0
CVE-2022-39914 MEDIUM
Android < 13.0 - Unauthorized Sensitive Information Exposure via DisplayManagerService
CVSS 4.0
CVE-2022-39913 MEDIUM
Android < 13.0 - Exposure of Sensitive Information via Persona Manager
CVSS 6.8
CVE-2022-39904 LOW
Google Android - Information Disclosure
CVSS 3.3
CVE-2022-39903 MEDIUM
Android - Exposure of Sensitive Information via RCS Call Access Control
CVSS 4.0
CVE-2022-39897 MEDIUM
Android - Sensitive Information Exposure via Kernel Log
CVSS 4.4
CVE-2022-42782 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in WLAN Driver
CVSS 5.5
CVE-2022-42766 MEDIUM
Android - Missing Authorization in WLAN Driver
CVSS 5.5
CVE-2022-32221 CRITICAL
curl - Exposure of Sensitive Information via Reused Handle Logic
CVSS 9.8
CVE-2022-2827 HIGH
AMI MegaRAC SP-X - Unauthenticated Exposure of Sensitive Information via User Enumeration
CVSS 7.5
CVE-2022-41971 MEDIUM
Nextcloud Talk 12.0.0-12.2.7 - Unauthorized Video Stream Access After Removal
CVSS 4.8
CVE-2022-43901 MEDIUM
IBM WebSphere Automation <1.4.3 - Info Disclosure
CVSS 5.7
CVE-2022-28607 HIGH
ISIC Tour Booking <Feb 13th 2018 - Info Disclosure
CVSS 7.5
CVE-2022-1911 MEDIUM
M-Files Server <22.6.11534.1, <22.6.11505.0 - Info Disclosure
CVSS 5.3
CVE-2022-4228 MEDIUM
Book Store Management System 1.0 - Information Disclosure via User Edit Password Parameter
CVSS 5.3
CVE-2022-46150 MEDIUM
Discourse <2.8.13-2.9.0.beta14 - Info Disclosure
CVSS 4.3
CVE-2022-41944 LOW
Discourse < 2.8.12 - Unauthorized Sensitive Information Exposure via Topic Notifications
CVSS 3.5
CVE-2022-41954 LOW
mpxj < 10.14.1 - Insecure Temporary File Permissions on Unix-like Systems
CVSS 3.3
CVE-2022-41926 LOW
Nextcloud Talk < 14.1.0 - Unauthorized Communication Monitoring via Unprotected Broadcast Receiver
CVSS 3.3
Details
Vulnerabilities: 10,151
Exploit Likelihood: High