CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-42442 LOW
IBM Robotic Process Automation for Cloud Pak < 21.0.6 - Exposure of Sensitive Information via Tenant Owner Email
CVSS 3.3
CVE-2022-39378 MEDIUM
Discourse < 2.8.9 - Unauthorized Exposure of Sensitive Topic Titles via User Badge
CVSS 5.3
CVE-2022-35842 LOW
FortiOS SSL-VPN <7.2.0, <7.0.0-7.0.6, <6.4.0-6.4.9 - Info Disclosure
CVSS 3.7
CVE-2022-33878 LOW
FortiClient for Mac <7.0.5 - Info Disclosure
CVSS 2.2
CVE-2022-42819 MEDIUM
macOS 11.0-11.7 - Unprotected User Data Exposure via Location Information Access
CVSS 5.5
CVE-2022-42818 MEDIUM
macOS < 12.6 - Unprotected User Data Exposure
CVSS 5.9
CVE-2022-42817 MEDIUM
iPadOS < 15.7.1 - Unauthorized Sensitive Data Exposure via Malicious Website
CVSS 6.5
CVE-2022-42815 MEDIUM
macOS < 13.0 - Unprotected User Data Exposure
CVSS 5.5
CVE-2022-42810 MEDIUM
iPadOS < 15.7.1 - Memory Contents Exposure via USD File Processing
CVSS 5.5
CVE-2022-32913 LOW
iPhone OS < 16.0, macOS 11.0-11.7, tvOS < 16.0, watchOS < 9.0 - Unauthorized App State Exposure via Camera
CVSS 3.3
CVE-2022-32877 MEDIUM
macOS 11.0-11.7 - Unprotected User Data Exposure via Configuration Issue
CVSS 5.5
CVE-2022-32875 MEDIUM
iPhone OS < 16.0, macOS 11.0-11.7, watchOS < 9.0 - Unauthorized Sensitive Location Information Exposure
CVSS 5.0
CVE-2022-32870 LOW
iPhone OS < 16.0, macOS < 13.0, watchOS < 9.0 - Unauthorized Call History Exposure via Siri
CVSS 2.4
CVE-2022-32862 MEDIUM
macOS 11.0-11.7.1 - Unprotected User Data Exposure via Root App Access
CVSS 5.5
CVE-2022-32858 MEDIUM
iPhone OS < 16.0, macOS < 13.0, watchOS < 9.0 - Unauthorized Sensitive Kernel State Exposure
CVSS 5.5
CVE-2022-32835 LOW
iPhone OS < 16.0 and watchOS < 9.0 - Unauthorized Persistent Device Identifier Exposure
CVSS 3.3
CVE-2022-23738 MEDIUM
GitHub Enterprise Server < 3.2.20 - Unauthorized Private Repository File Access via Cache Key Manipulation
CVSS 5.7
CVE-2022-39018 HIGH
M-Files Hubshare <3.3.11.3 - Info Disclosure
CVSS 8.2
CVE-2022-24670 HIGH
ForgeRock Access Management 6.0.0-6.0.0.6 - Exposure of Sensitive Information via Unrestricted LDAP Queries
CVSS 7.1
CVE-2022-39359 MEDIUM
Metabase 0.41.0-0.41.8 - Open Redirect via GeoJSON Map URL
CVSS 6.5
CVE-2022-39358 MEDIUM
Metabase 0.42.0-0.42.5 - Improper Locking via Embedded Dashboard Request
CVSS 6.5
CVE-2022-20955 MEDIUM
Cisco TelePresence Collaboration Endpoint and RoomOS - Path Traversal and Arbitrary File Write
CVSS 5.5
CVE-2022-20954 MEDIUM
Cisco TelePresence Collaboration Endpoint < 10.19.1 and RoomOS - Path Traversal and Arbitrary File Write
CVSS 5.5
CVE-2022-20953 MEDIUM
Cisco TelePresence Collaboration Endpoint < 10.19.1 and RoomOS - Path Traversal
CVSS 5.5
CVE-2022-20811 MEDIUM
Cisco TelePresence 9.0.0.0-9.15.12.9 & RoomOS <10.15.1 - Path Traversal & Arbitrary File Write
CVSS 5.5