CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-23779 MEDIUM
ManageEngine Desktop Central < 10.1.2137.8 - Unauthenticated Sensitive Information Exposure via HTTP Redirect
CVSS 5.3
CVE-2022-22303 LOW
FortiManager <7.0.2-6.2.9 - Info Disclosure
CVSS 2.8
CVE-2022-0577 MEDIUM
scrapy < 2.6.1 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 6.5
CVE-2022-24633 MEDIUM
FileCloud < 21.3.0.18447 - User Enumeration via Shared Path Parameter
CVSS 5.3
CVE-2022-0654 HIGH
GitHub fgribreau/node-request-retry <7.0.0 - Info Disclosure
CVSS 7.5
CVE-2022-23984 LOW
wpDiscuz <= 7.3.11 - Sensitive Information Disclosure
CVSS 3.7
CVE-2022-0708 MEDIUM
Mattermost <6.3.0 - Info Disclosure
CVSS 4.3
CVE-2022-23982 MEDIUM
WordPress Perfect Brands <2.0.4 - Info Disclosure
CVSS 4.3
CVE-2022-0672 MEDIUM
LemMinX < 0.19.0 - Exposure of Sensitive Information via Insecure Redirect
CVSS 5.5
CVE-2022-23643 MEDIUM
Sourcegraph 3.35.0-3.35.1 - Authenticated Exposure of Sensitive Information via Code Monitoring Feature
CVSS 6.5
CVE-2022-23634 HIGH
Puma < 4.3.11 and 5.0.0-5.6.2 - Information Exposure via Response Body Handling
CVSS 8.0
CVE-2022-23633 HIGH
Rails 5.0.0-5.2.6.1 - Information Disclosure via Thread Local State Leak
CVSS 7.4
CVE-2022-24003 MEDIUM
Bixby Vision <3.7.50.6 - Info Disclosure
CVSS 4.0
CVE-2022-24001 LOW
Edge Panel <Android S - Info Disclosure
CVSS 3.8
CVE-2022-20680 MEDIUM
Cisco Prime Service Catalog - Info Disclosure
CVSS 4.3
CVE-2022-20630 MEDIUM
Cisco Catalyst Center 2.1.2.0-2.2.2.8 - Authenticated Sensitive Information Exposure in Audit Log
CVSS 4.4
CVE-2022-0018 MEDIUM
GlobalProtect 5.1-5.1.9 and 5.2-5.2.8 - Unauthenticated Credential Exposure via Single Sign-On Feature
CVSS 6.1
CVE-2022-22545 MEDIUM
SAP NetWeaver ABAP and ABAP Platform 700-756 - Unauthorized Sensitive Information Exposure via SM59 Transaction
CVSS 4.9
CVE-2022-22542 MEDIUM
SAP S/4HANA - Exposure of Sensitive Employee Business Partner Data via Supplier Factsheet and Enterprise Search
CVSS 6.5
CVE-2022-23619 MEDIUM
XWiki < 12.10.9, 13.5RC1-13.6RC1 - Unauthenticated User Enumeration via Password Reset Form
CVSS 5.3
CVE-2022-21712 HIGH
Twisted 11.1.0-22.1.0 - Origin Validation Error in RedirectAgent
CVSS 7.5
CVE-2022-0474 LOW
OTRS Custom Contact Fields <8.0.11 - Info Disclosure
CVSS 2.4
CVE-2022-22680 MEDIUM
Synology DiskStation Manager 6.2-6.2.4-25556-3 - Exposure of Sensitive Information via Web Server
CVSS 5.3
CVE-2022-23607 MEDIUM
treq 21.1.0-22.1.0 - Exposure of Sensitive Information via Supercookies
CVSS 6.5
CVE-2022-22733 MEDIUM
Apache ShardingSphere ElasticJob-UI <= 3.0.0 - Authenticated Privilege Escalation via Guest Account
CVSS 6.5