CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-22892 HIGH
Rocket.Chat <v3.13 - Info Disclosure
CVSS 7.5
CVE-2021-22740 MEDIUM
homeLYnk & spaceLYnk <V2.60 - Info Disclosure
CVSS 6.5
CVE-2021-22739 MEDIUM
Schneider Electric homeLYnk and spaceLYnk < 2.6.0 - Exposure of Sensitive Information During Initial Configuration
CVSS 5.9
CVE-2021-32638 MEDIUM
GitHub codeql_action < 20210304 - Sensitive Information Exposure via Command-Line Argument
CVSS 4.4
CVE-2021-23937 HIGH
Apache Wicket 6.0.0-6.2.0, 7.0.0-7.17.0, 8.0.0-8.11.0, 9.0.0-9.2.0 - DNS Amplification via X-Forwarded-For
CVSS 7.5
CVE-2021-32624 HIGH
Keystone 5 < 19.3.2 - Exposure of Sensitive Information via Access Control Bypass
CVSS 7.5
CVE-2021-27434 HIGH
Unified Automation .NET based OPC UA Client/Server SDK < 3.0.7 - Information Disclosure
CVSS 7.5
CVE-2021-3426 MEDIUM
Python < 3.8.9, < 3.9.3, < 3.10.0a7 - Information Disclosure via pydoc Server
CVSS 5.7
CVE-2021-21733 MEDIUM
ZTE ZXCDN 7.01-iamv7.01.01.02 - Exposure of Sensitive Information
CVSS 4.9
CVE-2021-32820 HIGH
Express-handlebars - Info Disclosure
CVSS 8.6
CVE-2021-32819 HIGH
squirrelly < 9.0.0 - Remote Code Execution via Express Render API
CVSS 8.0
CVE-2021-32817 MEDIUM
express-hbs < 5.3.2 - File Disclosure via Layout Parameter
CVSS 5.4
CVE-2021-22137 MEDIUM
Elasticsearch <6.8.15 and 7.11.0-7.11.1 - Document Disclosure via Cross-Cluster Search Query
CVSS 5.3
CVE-2021-22135 MEDIUM
Elasticsearch <6.8.15 and 7.0.0-7.11.2 - Unauthorized Document and Field Exposure via Suggester and Profile API
CVSS 5.3
CVE-2021-21424 MEDIUM
Symfony 3.4.0-3.4.48 - Unauthorized User Enumeration via Switch User Functionality
CVSS 5.3
CVE-2021-20993 MEDIUM
WAGO Managed Switches - Info Disclosure
CVSS 5.3
CVE-2021-20250 MEDIUM
JBoss EJB Client < 4.0.39 - Exposure of Sensitive Information via Privileged Actions
CVSS 4.3
CVE-2021-20331 MEDIUM
MongoDB C# Driver - Info Disclosure
CVSS 4.2
CVE-2021-20313 HIGH
ImageMagick < 7.0.11-0 - Exposure of Sensitive Information via TransformSignature
CVSS 7.5
CVE-2021-31173 MEDIUM
Microsoft SharePoint Server - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.3
CVE-2021-31918 HIGH
Red Hat OpenStack 16.1 - Exposure of Sensitive Information via Ansible Log File
CVSS 7.5
CVE-2021-21537 MEDIUM
Dell Hybrid Client < 1.5 - Unauthenticated Exposure of Sensitive Information
CVSS 6.2
CVE-2021-21536 MEDIUM
Dell Hybrid Client < 1.5 - Unauthenticated Exposure of Sensitive Information via Client Registration
CVSS 6.2
CVE-2021-21534 MEDIUM
Dell Hybrid Client < 1.5 - Unauthenticated Exposure of Sensitive Information via Local API
CVSS 4.0
CVE-2021-20228 HIGH
Ansible Engine 2.9.18 - Exposure of Sensitive Information via Basic.py Module Sub-Option Feature
CVSS 7.5