CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-31352 MEDIUM
Juniper Session and Resource Control < 4.130r6 - Information Exposure via Weak NETCONF Cipher Negotiation
CVSS 5.3
CVE-2021-41140 MEDIUM
Discourse-reactions <0.2 - Info Disclosure
CVSS 5.3
CVE-2021-22036 MEDIUM
VMware vRealize Orchestrator 8.0-8.5 - Open Redirect and Sensitive Information Exposure via Improper Path Handling
CVSS 6.5
CVE-2021-20832 MEDIUM
InBody App <2.3.30-2.2.90(510) - Info Disclosure
CVSS 5.3
CVE-2021-33727 MEDIUM
SINEC NMS <V1.0 SP2 Update 1 - Info Disclosure
CVSS 6.5
CVE-2021-32028 MEDIUM
PostgreSQL 9.6.0-9.6.21 - Authenticated Exposure of Sensitive Information via INSERT ON CONFLICT DO UPDATE
CVSS 6.5
CVE-2021-32029 MEDIUM
PostgreSQL 11.0-11.11 - Authenticated Out-of-bounds Read via UPDATE RETURNING Command
CVSS 6.5
CVE-2021-42089 HIGH
Zammad < 4.1.1 - Exposure of Sensitive Information via REST API
CVSS 7.5
CVE-2021-34702 MEDIUM
Cisco Identity Services Engine 2.2.0-2.5.9 - Authenticated Sensitive Information Exposure via Web Management Interface
CVSS 4.3
CVE-2021-41125 MEDIUM
Scrapy < 1.8.1 - Credential Exposure via HttpAuthMiddleware
CVSS 5.7
CVE-2021-25486 LOW
ipcdump <SMR Oct-2021 Release 1 - Info Disclosure
CVSS 2.5
CVE-2021-0644 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in SubscriptionController
CVSS 5.5
CVE-2021-41124 HIGH
scrapy-splash < 0.8.0 - Credential Exposure via HttpAuthMiddleware
CVSS 7.4
CVE-2021-41120 HIGH
sylius/paypal-plugin - Info Disclosure
CVSS 7.5
CVE-2021-41123 MEDIUM
Survey Solutions < 21.09.1 - Unauthenticated Exposure of Sensitive Metrics via /metrics Endpoint
CVSS 5.3
CVE-2021-41092 MEDIUM
Docker CLI <20.10.9 - Info Disclosure
CVSS 5.4
CVE-2021-23858 HIGH
Bosch Rexroth IndraMotion MLC and IndraControl XLC Firmware < 12 - Unauthenticated Information Disclosure via Web Server
CVSS 8.6
CVE-2021-23855 HIGH
Bosch Rexroth IndraMotion XLC and MLC Firmware - Weak Password Hashing via Unprotected Web Resource
CVSS 8.6
CVE-2021-41109 HIGH
Parse Server <4.10.4 - Info Disclosure
CVSS 7.5
CVE-2021-41301 CRITICAL
ECOA BAS Controller - Unauthenticated Sensitive Information Disclosure via Direct Object Reference
CVSS 9.8
CVE-2021-39857 MEDIUM
Adobe Acrobat and Acrobat Reader DC - Unauthenticated Local File Existence Disclosure via Internet Explorer Add-on
CVSS 4.3
CVE-2021-39856 MEDIUM
Adobe Acrobat and Acrobat Reader DC < 21.005.20058 - Unauthenticated NTLMv2 Credential Disclosure via ActiveX Control
CVSS 6.5
CVE-2021-39855 MEDIUM
Adobe Acrobat and Reader DC < 21.005.20058 - Unauthenticated Information Disclosure via ActiveX Control
CVSS 6.5
CVE-2021-24661 MEDIUM
PostX - Gutenberg Blocks for Post Grid < 2.4.10 - Unauthorized Access to Private Post Content via Saved Templates Addon
CVSS 4.3
CVE-2021-22272 MEDIUM
ABB mybuildings & Busch-Jaeger mybusch-jaeger < 2021-05-03 - Unauthorized Device Takeover
CVSS 6.5