CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-20776 MEDIUM
Cisco TelePresence CE/RoomOS - Path Traversal
CVSS 5.5
CVE-2022-33181 MEDIUM
Brocade Fabric OS <9.1.0 - Info Disclosure
CVSS 5.5
CVE-2022-27912 MEDIUM
Joomla! 4.0.0-4.2.3 - Unauthorized Sensitive Information Exposure in Debug Mode
CVSS 5.3
CVE-2022-26423 HIGH
Aethon TUG Home Base Server <24 - Info Disclosure
CVSS 8.2
CVE-2022-1070 HIGH
Aethon TUG Home Base Server < 24 - Unauthenticated Access to Hashed User Credentials
CVSS 8.2
CVE-2022-41707 MEDIUM
Relatedcode's Messenger <7bcd20b - Info Disclosure
CVSS 6.5
CVE-2022-43410 MEDIUM
Jenkins Mercurial Plugin <1251 - Info Disclosure
CVSS 5.3
CVE-2022-39253 MEDIUM
Git < 2.30.6 - Unauthenticated Sensitive Information Exposure via Malicious Symbolic Link in Local Clone
CVSS 5.5
CVE-2022-3501 LOW
OTRS 8.0.0 through 8.0.26 - Information Disclosure
CVSS 3.5
CVE-2022-39309 MEDIUM
GoCD < 21.1.0 - Authenticated Sensitive Data Exposure via Symmetric Key Leak
CVSS 4.9
CVE-2022-38689 MEDIUM
Telephony Service - Info Disclosure
CVSS 5.5
CVE-2022-38688 MEDIUM
Telephony Service - Info Disclosure
CVSS 5.5
CVE-2022-39201 MEDIUM
Grafana 5.0.0-beta1-8.5.13 - Unauthorized Cookie Exposure to Plugins
CVSS 6.8
CVE-2022-31130 MEDIUM
Grafana <9.1.8 & <8.5.14 - Info Disclosure
CVSS 4.9
CVE-2022-33919 HIGH
Dell GeoDrive <2.2 - Info Disclosure
CVSS 7.8
CVE-2022-39013 HIGH
SAP Business Objects Business Intelligence Platform - Authenticated Exposure of OS Credentials
CVSS 7.6
CVE-2022-35296 MEDIUM
SAP BusinessObjects Business Intelligence Platform - Exposure of Sensitive Information via Version Management System
CVSS 4.9
CVE-2022-40177 MEDIUM
Siemens Desigo PXM/PXG3 < V02.20.126.11-41 - Unauthenticated Sensitive File Read via Axon Query Endpoints
CVSS 5.7
CVE-2022-39289 CRITICAL
ZoneMinder < 1.36.27 - Missing Authorization for Database Log Manipulation
CVSS 9.1
CVE-2022-39859 MEDIUM
Samsung UPHelper Library < 3.0.12 - Exposure of Sensitive Information via Implicit Intent Hijacking
CVSS 4.0
CVE-2022-39856 MEDIUM
Android imsservice - Exposure of Sensitive Call Information via Improper Access Control
CVSS 4.0
CVE-2022-39848 MEDIUM
Android AT_Distributor - Exposure of Sensitive Information via Log
CVSS 4.0
CVE-2022-39222 CRITICAL
Dex < 2.35.0 - Unauthenticated OAuth Authorization Code Theft via Malicious OIDC Flow
CVSS 9.3
CVE-2022-32540 MEDIUM
Bosch Video Management System 10.1-10.1.1, 11.0-11.1.0 & VIDEOJET Decoder VJD-7513 10.23-10.30 - UDP Info Disclosure
CVSS 5.9
CVE-2022-23726 MEDIUM
PingCentral 1.8-1.8.3 - Authenticated Exposure of Sensitive Information via Spring Boot Actuator Endpoints
CVSS 5.4