CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-0281 HIGH
Packagist microweber/microweber <1.2.11 - Info Disclosure
CVSS 7.5
CVE-2022-21296 MEDIUM
Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0 - Unauthenticated Unauthorized Data Read via JAXP
CVSS 5.3
CVE-2022-21673 MEDIUM
Grafana 7.2.0-7.5.12 - Unauthorized Data Access via Forward OAuth Identity
CVSS 4.3
CVE-2022-21683 LOW
Wagtail 2.13-2.15.1 - Unauthorized Exposure of Sensitive Comment Thread Information
CVSS 3.5
CVE-2022-0235 MEDIUM
node-fetch < 2.6.7 and >=3.0.0 <3.1.1 - Open Redirect via URL Validation Bypass
CVSS 6.1
CVE-2022-21677 MEDIUM
Discourse < 2.7.13 - Unauthorized Exposure of Sensitive Group Information via Advanced Search
CVSS 4.3
CVE-2022-21678 MEDIUM
Discourse < 2.7.13 - Unauthorized Exposure of Private User Bios in Meta Tags
CVSS 4.3
CVE-2022-0013 MEDIUM
Cortex XDR Agent 5.0-5.0.11, 6.1-6.1.8, 7.2-7.2.3, 7.3-7.3.1 - Arbitrary File Read via Support File
CVSS 5.0
CVE-2022-21671 HIGH
@replit/crosis < 7.3.1 - Exposure of Sensitive Information via Fallback Proxy URL
CVSS 8.1
CVE-2022-22701 MEDIUM
PartKeepr < 1.4.0 - Authenticated Local File Read via File URI Scheme
CVSS 6.5
CVE-2022-22287 LOW
Samsung Email <6.1.60.16 - Info Disclosure
CVSS 3.9
CVE-2022-21642 MEDIUM
Discourse < 2.7.13 - Unauthorized Exposure of Whisper Participants via User Suggestions
CVSS 4.3
CVE-2021-24008 MEDIUM
FortiMail < 6.0.10, FortiDDoS < 5.4.3, FortiVoice < 6.0.7, FortiRecorder < 6.0.4 - Sensitive Info Exposure
CVSS 5.3
CVE-2021-26281 MEDIUM
Alarm Clock Module - Info Disclosure
CVSS 5.5
CVE-2021-26279 MEDIUM
Weather Module <unknown - Info Disclosure
CVSS 5.9
CVE-2021-32007 LOW
Secomea GateManager <9.5 - Info Disclosure
CVSS 3.5
CVE-2021-22529 MEDIUM
NetIQ Advance Authentication <6.3.5.1 - Info Disclosure
CVSS 6.3
CVE-2021-44534 MEDIUM
ExpressionEngine 6.0.0-6.0.3 - Unauthenticated Arbitrary File Read and Sensitive Information Disclosure
CVSS 6.5
CVE-2021-47403 HIGH
Linux Kernel 3.18-4.4.286 - Module Reference Leak in IPOctal TTY Driver
CVSS 7.1
CVE-2021-33146 MEDIUM
Intel(R) Ethernet < - Info Disclosure
CVSS 5.3
CVE-2021-39008 LOW
IBM QRadar WinCollect Agent <10.1.7 - Info Disclosure
CVSS 2.7
CVE-2021-22143 LOW
Elastic APM .NET Agent < 1.10.0 - Sensitive Information Exposure via HTTP Header Logging
CVSS 2.1
CVE-2021-4430 LOW
Ortus Solutions ColdBox Elixir 3.1.6 - Exposure of Sensitive Information in ENV Variable Handler
CVSS 3.5
CVE-2021-38859 MEDIUM
IBM Security Verify Privilege On-Premises <11.5 - Info Disclosure
CVSS 4.3
CVE-2021-44172 MEDIUM
FortiClientEMS 6.2.0-6.2.8, 6.4.x, 7.0.0-7.0.4, 7.0.6-7.0.7 - Sensitive Information Exposure via Management Interface
CVSS 4.3