CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-35080 MEDIUM
Qualcomm Snapdragon Firmware - Information Disclosure via Disabled SMMU Configuration
CVSS 6.5
CVE-2021-35070 MEDIUM
Snapdragon Industrial IOT/Snapdragon Mobile - Info Disclosure
CVSS 6.5
CVE-2021-42886 HIGH
TOTOLINK EX1200T V4.1.2cu.5215 - Unauthenticated Exposure of Sensitive Information via apmib Configuration File
CVSS 7.5
CVE-2021-39020 MEDIUM
IBM Guardium Data Encryption < 4.0.0.7 - Sensitive Information Exposure via URL Parameters
CVSS 5.3
CVE-2021-43938 HIGH
Elcomplus SmartPTT SCADA Server - Info Disclosure
CVSS 8.1
CVE-2021-43937 HIGH
Elcomplus SmartPTT SCADA Server - Info Disclosure
CVSS 7.6
CVE-2021-34589 HIGH
Bender Charge Controllers 5.11.0-5.11.1 and 5.12.0-5.12.4 - Unauthenticated RFID Exposure via Web Interface
CVSS 7.5
CVE-2021-3503 MEDIUM
Wildfly < 23.0.1 - Exposure of Sensitive Metrics Data
CVSS 4.3
CVE-2021-43287 HIGH
ThoughtWorks GoCD <21.3.0 - Info Disclosure
CVSS 7.5
CVE-2021-28544 MEDIUM
Apache Subversion 1.10.0-1.14.0 - Unauthorized Exposure of Protected Copyfrom Paths
CVSS 4.3
CVE-2021-43205 MEDIUM
FortiClient for Linux <7.0.2, <6.4.7, <6.2.9 - Info Disclosure
CVSS 4.3
CVE-2021-40375 MEDIUM
Apperta Foundation OpenEyes 3.5.1 - Info Disclosure
CVSS 6.5
CVE-2021-4180 MEDIUM
openstack-tripleo-heat-templates < 11.6.1 - Sensitive Information Exposure via www_authenticate_uri
CVSS 4.3
CVE-2021-27424 MEDIUM
GE Multilin UR Firmware < 8.10 - Unauthorized Information Exposure via MODBUS Register
CVSS 5.3
CVE-2021-27422 HIGH
GE Multilin UR Firmware < 8.10 - Unauthenticated Cleartext Transmission of Sensitive Information
CVSS 7.5
CVE-2021-41850 HIGH
Bluproducts G90 Firmware - Information Disclosure
CVSS 7.8
CVE-2021-41849 MEDIUM
Bluproducts G90 Firmware - Information Disclosure
CVSS 5.5
CVE-2021-32477 MEDIUM
Moodle 3.10-3.10.3 - Missing Authorization for Mobile App Last Access Time
CVSS 4.3
CVE-2021-32473 MEDIUM
Moodle < 3.5.18 - Unauthorized Quiz Grade Exposure via Quiz Web Service
CVSS 5.3
CVE-2021-4023 MEDIUM
Linux Kernel < 5.15-rc1 - Denial of Service via io-workqueue Cancellation
CVSS 5.5
CVE-2021-3732 MEDIUM
Linux Kernel < 5.14 - Exposure of Sensitive Information via OverlayFS TmpFS Mount
CVSS 5.5
CVE-2021-22783 HIGH
Ritto Wiser Door - Session Hijack via Information Exposure
CVSS 8.8
CVE-2021-41239 MEDIUM
Nextcloud <20.0.13, <21.0.5, <22.2 - Info Disclosure
CVSS 5.3
CVE-2021-41181 LOW
Nextcloud Talk <12.3.0 - Info Disclosure
CVSS 2.4
CVE-2021-3602 MEDIUM
Buildah < 1.16.8 - Information Disclosure via Chroot Isolation
CVSS 5.5