CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2021-22876 MEDIUM
libcurl 7.1.1-7.75.0 - Credential Leak via HTTP Referer Header
CVSS 5.3
CVE-2021-28164 MEDIUM
Eclipse Jetty - Information Disclosure
CVSS 5.3
CVE-2021-28163 LOW
NetApp Cloud Manager - Exposure of Sensitive Information via Symlink Webapps Directory
CVSS 2.7
CVE-2021-21396 MEDIUM
wire-server 2021-02-16-2021-03-02 - Authenticated Exposure of Sensitive User Metadata via List-Clients Endpoint
CVSS 6.5
CVE-2021-22172 MEDIUM
GitLab 12.8.0-13.6.5 - Unauthenticated Exposure of Sensitive Tag Data via Releases Page
CVSS 4.3
CVE-2021-25369 MEDIUM KEV
sec_log < SMR MAR-2021 Release 1 - Info Disclosure
CVSS 6.2
CVE-2021-23890 MEDIUM
McAfee ePolicy Orchestrator < 5.10 Update 10 - Unauthenticated Information Disclosure via Agent Handler
CVSS 6.5
CVE-2021-25350 LOW
Samsung Account < 12.1.1.3 - Info Disclosure
CVSS 2.0
CVE-2021-27908 MEDIUM
Mautic < 3.3.2 - Authenticated Information Disclosure via Symfony Parameter Injection
CVSS 5.8
CVE-2021-21376 MEDIUM
OMERO.web < 5.9.0 - Exposure of Sensitive User Information
CVSS 6.4
CVE-2021-28133 MEDIUM
Zoom < 5.5.4 - Unauthorized Screen Content Exposure via Share Screen Functionality
CVSS 4.3
CVE-2021-20281 MEDIUM
Moodle 3.5.0-3.5.16 and 3.10.0-3.10.1 - Exposure of Sensitive Information via Online Users Block
CVSS 5.3
CVE-2021-26923 HIGH
Argo CD < 1.7.12 - Unauthenticated Exposure of Sensitive Information via /api/version Endpoint
CVSS 7.5
CVE-2021-20018 MEDIUM
SonicWall SMA100 < 10.2.0.5 - Authenticated Configuration Export to Arbitrary Email
CVSS 4.9
CVE-2021-21364 MEDIUM
swagger-codegen < 2.4.19 - Insecure Temporary File Permissions
CVSS 5.3
CVE-2021-21360 MEDIUM
Products.GenericSetup < 2.1.1 - Unauthenticated Exposure of Sensitive Information via Log and Snapshot Files
CVSS 5.3
CVE-2021-22134 MEDIUM
Elasticsearch 7.6.0-7.10.2 - Unauthorized Document Disclosure via Document or Field Level Security Bypass
CVSS 4.3
CVE-2021-21336 MEDIUM
Products.PluggableAuthService < 2.6.0 - Unauthenticated Role Information Disclosure via ZODB Role Manager Plugin
CVSS 6.5
CVE-2021-25333 LOW
Samsung Pay < 4.0.14 - Info Disclosure
CVSS 3.2
CVE-2021-25332 LOW
Samsung Pay < 4.0.14 - Info Disclosure
CVSS 3.2
CVE-2021-25331 LOW
Samsung Pay < 4.0.14 - Info Disclosure
CVSS 3.2
CVE-2021-25122 HIGH
Apache Tomcat < 10.0.0, 9.0.41, 8.5.61 - Info Disclosure
CVSS 7.5
CVE-2021-26566 HIGH
Synology DiskStation Manager < 6.2.3-25426-3 - Remote Code Execution via QuickConnect Traffic
CVSS 8.3
CVE-2021-21621 MEDIUM
Jenkins Support Core Plugin < 2.72 - Exposure of Sensitive Information via Serialized User Authentication
CVSS 5.3
CVE-2021-20656 MEDIUM
SolarView Compact SV-CPT-MC310 < 6.5 - Info Disclosure
CVSS 4.3