CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-27849 MEDIUM
Simple Ajax Chat <= 20220115 - Sensitive Information Disclosure via sac-export.csv
CVSS 5.3
CVE-2022-24853 MEDIUM
Metabase 0.40.0-0.40.8 - Exposure of Sensitive Information via NTLM Relay Attack
CVSS 5.9
CVE-2022-24850 MEDIUM
Discourse - Unauthorized Exposure of Category Group Permissions
CVSS 5.3
CVE-2022-24849 MEDIUM
DisCatSharp 9.8.5-9.9.0 - Unauthenticated Exposure of Sensitive Information via Developer Attribute
CVSS 6.5
CVE-2022-25166 MEDIUM
Amazon AWS VPN Client 2.0.0 - Exposure of Sensitive Information via UNC Path in OpenVPN Configuration
CVSS 5.0
CVE-2022-22183 HIGH
Juniper Networks Junos OS Evolved - DoS
CVSS 7.5
CVE-2022-22961 MEDIUM
VMware Workspace ONE Access, Identity Manager, vRealize Automation - Information Disclosure
CVSS 5.3
CVE-2022-1332 MEDIUM
Mattermost Server 5.37.0-5.37.8 and 6.4.0-6.4.1 - Authenticated Privilege Escalation via API
CVSS 4.3
CVE-2022-27667 HIGH
SAP BusinessObjects Business Intelligence Platform 430 - Information Disclosure via Client Management Console
CVSS 7.5
CVE-2022-27241 HIGH
Mendix 7.0.0-7.23.30, 8.0.0-8.18.17, 9.0.0-9.10.9, 9.6.0-9.6.11 - Sensitive Information Exposure
CVSS 7.5
CVE-2022-24837 MEDIUM
HedgeDoc 1.9.1-<1.9.3 - Information Disclosure via Enumerable Uploaded Image Filenames
CVSS 5.3
CVE-2022-27844 LOW
WPvivid Migration, Backup, Staging < 0.9.71 - Arbitrary File Read
CVSS 2.7
CVE-2022-27576 LOW
Google Android - Information Disclosure
CVSS 3.3
CVE-2022-27575 LOW
Google Android - Information Disclosure
CVSS 3.3
CVE-2022-24804 MEDIUM
Discourse < 2.8.3 - Unauthorized Group Name Exposure via Category Permissions
CVSS 5.3
CVE-2022-25594 MEDIUM
Microprogram Parking Lot Management System - Unauthenticated Exposure of Sensitive Information via Specific URLs
CVSS 5.3
CVE-2022-0709 HIGH
Booking Package WP <1.5.29 - Info Disclosure
CVSS 7.5
CVE-2022-23158 MEDIUM
Wyse Device Agent <14.6.1.4 - Info Disclosure
CVSS 6.0
CVE-2022-23157 MEDIUM
Dell Wyse Device Agent < 14.6.1.4 - Authenticated Sensitive Data Exposure
CVSS 4.4
CVE-2022-24797 MEDIUM
Pomerium 0.16.0-0.17.0 - Unauthenticated Exposure of Sensitive Information via Debug and Metrics Endpoints
CVSS 6.5
CVE-2022-1077 MEDIUM
TEM FLEX-1080 and FLEX-1085 1.6.0 - Unauthenticated Sensitive Information Exposure via Log Handler
CVSS 5.3
CVE-2022-24784 LOW
Statamic < 3.2.39 - Exposure of Sensitive Information via REST API Users Endpoint
CVSS 3.7
CVE-2022-0494 MEDIUM
Linux Kernel < 5.17 - Authenticated Information Disclosure in SCSI IOCTL
CVSS 4.4
CVE-2022-24782 MEDIUM
Discourse < 2.8.2 - Unauthorized Exposure of Secure Category Names in User Activity Export
CVSS 4.3
CVE-2022-24768 CRITICAL
Argo CD <1.0.0 - Privilege Escalation
CVSS 9.9