CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-22276 MEDIUM
ABB System Access Point Firmware < 2.6.4 - Unauthenticated Firmware Integrity Check Bypass
CVSS 6.1
CVE-2021-26333 MEDIUM
AMD Chipset Driver < 3.08.17.735 and PSP Driver < 5.17.0.0 - Information Disclosure via Uninitialized Physical Pages
CVSS 5.5
CVE-2021-41082 HIGH
Discourse < 2021-09-14 - Exposure of Sensitive Information via Private Message Group Handling
CVSS 7.5
CVE-2021-24585 MEDIUM
Timetable and Event Schedule < 2.4.0 - Authenticated Exposure of Sensitive User Data via Event Timeslot Request
CVSS 6.5
CVE-2021-40690 HIGH
Apache Santuario XML Security for Java < 2.1.7 - Sensitive Information Exposure via XPath Transform
CVSS 7.5
CVE-2021-39327 MEDIUM
WordPress BulletProof Security Backup Disclosure
CVSS 5.3
CVE-2021-40862 HIGH
HashiCorp Terraform Enterprise <202109-1 - Info Disclosure
CVSS 8.8
CVE-2021-39211 MEDIUM
GLPI 9.2-9.5.5 - Information Disclosure via Telemetry Endpoint
CVSS 5.3
CVE-2021-20582 MEDIUM
IBM Security Secret Server <11.0 - Info Disclosure
CVSS 5.3
CVE-2021-37192 MEDIUM
SINEMA Remote Connect Server < V3.0 SP2 - Unauthorized Exposure of Managed Network Devices
CVSS 4.3
CVE-2021-37190 MEDIUM
SINEMA Remote Connect Server < 3.0 SP2 - Unauthorized VPN Connection Information Disclosure
CVSS 4.3
CVE-2021-22527 MEDIUM
NetIQ Access Manager <5.0.1, 4.5.4 - Info Disclosure
CVSS 6.0
CVE-2021-39203 MEDIUM
WordPress 5.8 beta - Authenticated Exposure of Sensitive Information via Block Editor
CVSS 6.8
CVE-2021-39200 MEDIUM
WordPress 5.2-5.8 - Exposure of Sensitive Information via wp_die() Function
CVSS 5.3
CVE-2021-25464 LOW
SamsungCapture <4.8.02 - Info Disclosure
CVSS 3.3
CVE-2021-34771 MEDIUM
Cisco IOS XR < 7.3.2 - Authenticated Information Disclosure via CLI Command
CVSS 5.5
CVE-2021-28566 LOW
Magento < 2.4.2 - Authenticated Information Disclosure via Product Image Upload
CVSS 3.7
CVE-2021-37629 MEDIUM
Nextcloud Richdocuments < 3.8.4 - Share Token Enumeration via Unthrottled OCS Endpoint
CVSS 5.3
CVE-2021-36096 MEDIUM
OTRS <6.0.1, 7.0.28, 8.0.15 - Info Disclosure
CVSS 5.2
CVE-2021-36095 MEDIUM
OTRS <6.0.1, >7.0.28 - Info Disclosure
CVSS 5.3
CVE-2021-39192 MEDIUM
Ghost 4.0.0-4.9.4 - Authenticated Privilege Escalation via Integrations API Endpoint
CVSS 6.5
CVE-2021-38314 MEDIUM
Gutenberg Template Library & Redux Framework <= 4.2.11 - Sensitive Information Exposure
CVSS 5.3
CVE-2021-22793 HIGH
AccuSine PCS+/PFV+ <1.6.7, AccuSine PCSn <2.2.4 - Info Disclosure
CVSS 7.2
CVE-2021-39164 LOW
Matrix Synapse < 1.41.1 - Unauthenticated Exposure of Room Membership via History Visibility
CVSS 3.1
CVE-2021-39163 LOW
Matrix Synapse < 1.41.1 - Unauthenticated Exposure of Sensitive Room Information via Group Endpoints
CVSS 3.1
Details
Vulnerabilities 10,151
Exploit Likelihood High