CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-3348 MEDIUM
ToolJet < 2022-09-11 - Unauthorized Exposure of Sensitive User Data via Editor Role
CVSS 4.9
CVE-2022-39031 MEDIUM
Smart eVision - Unauthenticated Exposure of User Session IDs via Task Acquisition Function
CVSS 5.3
CVE-2022-39030 HIGH
Smart eVision - Unauthenticated Exposure of Sensitive Information via System Information Query
CVSS 7.5
CVE-2022-39029 MEDIUM
Smart eVision < 2022.02.21 - Authenticated Sensitive Information Exposure via Database Query Function
CVSS 6.5
CVE-2022-39258 HIGH
mailcow < 2022-09 - Open Redirect via Spoofed Swagger Authorize Link
CVSS 8.1
CVE-2022-35249 MEDIUM
Rocket.Chat < 5.0 - Unauthenticated Information Disclosure via getUserMentionsByChannel Method
CVSS 4.3
CVE-2022-35247 MEDIUM
Rocket.Chat < 4.7.5 - Unauthenticated Information Disclosure via getRoomRoles Meteor Method
CVSS 4.3
CVE-2022-35246 MEDIUM
Rocket.Chat < 4.7.5 - Unauthenticated NoSQL Injection and Information Disclosure via getS3FileUrl Method
CVSS 4.3
CVE-2022-32849 MEDIUM
iPadOS < 15.6 - Unauthorized Sensitive Information Exposure
CVSS 5.5
CVE-2022-32825 MEDIUM
iPadOS < 15.6 - Unauthorized Kernel Memory Disclosure
CVSS 5.5
CVE-2022-32818 MEDIUM
macOS 12.0-12.4 - Unauthorized Sensitive Kernel State Exposure
CVSS 5.5
CVE-2022-32805 MEDIUM
macOS - Unprotected User Data Exposure via Cache Handling Issue
CVSS 5.5
CVE-2022-32229 MEDIUM
Rocket.Chat < 5.0 - Unauthenticated Exposure of Sensitive Information via MongoDB Injection in chat.getThreadsList
CVSS 4.3
CVE-2022-32228 MEDIUM
Rocket.Chat < 4.7.5 - Unauthenticated Information Disclosure via getReadReceipts MongoDB Query Injection
CVSS 4.3
CVE-2022-32220 MEDIUM
Rocket.Chat < 5.0 - Unauthenticated Information Disclosure via getUserMentionsByChannel Method
CVSS 6.5
CVE-2022-32219 MEDIUM
Rocket.Chat < 4.7.5 - Authenticated Information Disclosure via Users List Endpoint
CVSS 4.3
CVE-2022-32218 MEDIUM
Rocket.Chat < 4.7.5 - Message ID Enumeration via Regex MongoDB Queries
CVSS 4.3
CVE-2022-40629 HIGH
Tacitine EN6200-PRIME QUAD-35/100 19.1.1-22.20.1 - Unauthenticated Sensitive Info Exposure
CVSS 7.5
CVE-2022-40194 MEDIUM
Customer Reviews for WooCommerce <= 5.3.5 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2022-39230 MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
CVSS 6.5
CVE-2022-23952 HIGH
Keylime < 6.3.0 - Unauthorized Exposure of Sensitive Configuration Data
CVSS 7.5
CVE-2022-23948 HIGH
Keylime < 6.3.0 - Exposure of Sensitive Information via Unprivileged Mount Check Bypass
CVSS 7.5
CVE-2022-28638 HIGH
HPE iLO 5 < 2.71 - Info Disclosure, RCE
CVSS 7.8
CVE-2022-39212 MEDIUM
Nextcloud Talk < 13.0.8 - Unauthorized Exposure of Last Video Frame
CVSS 4.3
CVE-2022-39210 LOW
Nextcloud Android < 3.21.0 - Path Traversal
CVSS 3.2