CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-35147 CRITICAL
DoraCMS < 2.1.8 - Unauthenticated Login Bypass via Crafted HTTP Request
CVSS 9.8
CVE-2022-37438 LOW
Splunk Enterprise 8.1.0-8.1.10 & Splunk Cloud <8.2.2203.4 Authenticated Info Exposure
CVSS 2.6
CVE-2022-35290 HIGH
SAP Authenticator < 1.2.17 - Exposure of Sensitive Information
CVSS 7.5
CVE-2022-31674 MEDIUM
VMware vRealize Operations 8.0.0-8.6.4 - Information Disclosure via Log File Access
CVSS 4.3
CVE-2022-35715 HIGH
IBM InfoSphere Information Server 11.7 - Info Disclosure
CVSS 7.5
CVE-2022-34659 HIGH
Simcenter STAR-CCM+ Viewer - Unauthorized Exposure of User and Host Information via Power-on-Demand License Server
CVSS 7.5
CVE-2022-34712 MEDIUM
Windows Defender Credential Guard - Exposure of Sensitive Information
CVSS 5.5
CVE-2022-34710 MEDIUM
Windows Defender Credential Guard - Exposure of Sensitive Information
CVSS 5.5
CVE-2022-34708 MEDIUM
Windows Kernel - Information Disclosure
CVSS 5.5
CVE-2022-34704 MEDIUM
Windows Defender Credential Guard - Unauthorized Exposure of Sensitive Information
CVSS 4.7
CVE-2022-34692 MEDIUM
Microsoft Exchange Server - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.3
CVE-2022-30197 MEDIUM
Windows 10, 11, Server 2016, 2019, 2022 - Kernel Information Disclosure
CVSS 5.5
CVE-2022-2704 MEDIUM
Simple E-Learning System - Information Disclosure via downloadFiles.php Download Parameter
CVSS 4.3
CVE-2022-27633 HIGH
TCL LinkHub Mesh Wifi MS1G_00_01.00_14 - Information Disclosure via confctl_get_guest_wlan
CVSS 7.5
CVE-2022-27630 HIGH
TCL LinkHub Mesh Wi-Fi AC1200 - Information Disclosure via confctl_get_master_wlan
CVSS 7.5
CVE-2022-29071 MEDIUM
Arista CloudVision Portal - Info Disclosure
CVSS 4.0
CVE-2022-36835 LOW
Samsung Internet Browser < 17.0.7.34 - Unauthorized File Access via Implicit Intent Hijacking
CVSS 3.3
CVE-2022-36834 LOW
Samsung Game Launcher < 6.0.07 - Exposure of Sensitive Information via Local App Data Access
CVSS 3.3
CVE-2022-33728 MEDIUM
Bluetooth <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 4.0
CVE-2022-33724 LOW
Samsung Dialer <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 3.3
CVE-2022-31190 MEDIUM
DSpace 4.0-6.3 - Exposure of Sensitive Information via XMLUI mets.xml
CVSS 5.3
CVE-2022-31185 MEDIUM
makedp mprweb < 5.0.0 - Unauthorized Email Address Exposure via Account Settings
CVSS 5.3
CVE-2022-31177 LOW
Flask-AppBuilder <4.1.3 - Info Disclosure
CVSS 2.7
CVE-2022-27614 MEDIUM
Synology Media Server < 1.8.1-2876 - Exposure of Sensitive Information via Web Server
CVSS 5.3
CVE-2022-31162 HIGH
Slack Morphism <0.41.0 - Info Disclosure
CVSS 7.5