CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-40086 LOW
PrimeKey EJBCA < 7.6.0 - Administrator Enrollment Secret Exposure in Page Source
CVSS 2.2
CVE-2021-21823 HIGH
komoot 10.26.9-11.1.11 - Information Disclosure via Friend Finder
CVSS 7.5
CVE-2021-34749 MEDIUM
Cisco Ironport Web Security Appliance - Information Disclosure
CVSS 5.8
CVE-2021-35936 MEDIUM
Apache Airflow < 2.1.2 - Info Disclosure
CVSS 5.3
CVE-2021-37326 MEDIUM
NetSarang Xshell 7 - Unintended Code String Exposure in Paste Operations
CVSS 5.3
CVE-2021-36793 HIGH
routes < 2.1.1 - Sensitive Information Disclosure via CsrfTokenViewHelper
CVSS 7.5
CVE-2021-37703 MEDIUM
Discourse < 2.7.8 - Unauthorized Exposure of User Read State
CVSS 4.3
CVE-2021-37704 MEDIUM
phpfastcache < 6.1.5 - Exposure of Sensitive Information via Unprotected Vendor Directory
CVSS 5.4
CVE-2021-21596 CRITICAL
Dell OpenManage Enterprise 3.4-3.6.1 & Modular 1.20.00-1.30.00 - RCE & Info Disclosure
CVSS 9.6
CVE-2021-21584 HIGH
Dell OpenManage Enterprise 3.5 & OpenManage Enterprise-Modular 1.30.00 - Authenticated Information Disclosure
CVSS 7.7
CVE-2021-21564 CRITICAL
Dell OpenManage Enterprise < 3.6.1 - Unauthenticated Session Hijack via Malformed Data
CVSS 9.8
CVE-2021-20594 HIGH
Mitsubishi Electric MELSEC iQ-R - Info Disclosure
CVSS 7.5
CVE-2021-3566 MEDIUM
ffmpeg < 4.3 - Exposure of Sensitive Information via tty Demuxer
CVSS 5.5
CVE-2021-32002 MEDIUM
Secomea SiteManager < 9.5.621256022 - Unauthenticated Information Disclosure via Web Service
CVSS 4.3
CVE-2021-22925 MEDIUM
curl 7.7-7.77.0 - Exposure of Sensitive Information via TELNET NEW_ENV Option Parser
CVSS 5.3
CVE-2021-34707 MEDIUM
Cisco Evolved Programmable Network Manager < 5.0 - Authenticated Sensitive Information Exposure via REST API
CVSS 6.5
CVE-2021-32787 LOW
Sourcegraph <3.30.0 - Info Disclosure
CVSS 3.1
CVE-2021-20332 MEDIUM
MongoDB Rust Driver <2.0.0 - Info Disclosure
CVSS 4.2
CVE-2021-36091 LOW
OTRS 6.0.1-6.0.31 and 7.0.0-7.0.27 - Unauthorized Exposure of Sensitive Information via Calendar Appointment Listing
CVSS 3.5
CVE-2021-21443 LOW
OTRS 6.0.1-6.0.31 and 7.0.0-7.0.26 - Unauthorized Exposure of Customer User Emails via Bulk Action Screen
CVSS 3.5
CVE-2021-21440 MEDIUM
OTRS 6.0.1-6.0.x and 7.0.x-7.0.27 - Exposure of Sensitive Information via Support Bundle Generation
CVSS 5.2
CVE-2021-22001 HIGH
Cloudfoundry Cf-deployment < 16.18.0 - Information Disclosure
CVSS 7.5
CVE-2021-22770 MEDIUM
Easergy T300 <V2.7.1 - Info Disclosure
CVSS 6.5
CVE-2021-22728 MEDIUM
Schneider-electric Evlink City Evc1s22p4 Firmware < r8_v3.4.0.1 - Information Disclosure
CVSS 6.5
CVE-2021-22721 MEDIUM
EVlink <R8 V3.4.0.1 - Info Disclosure
CVSS 5.3