CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2021-21323 MEDIUM
Brave 1.17.73-1.20.103 - DNS Request Leak via CNAME Adblocking Bypass
CVSS 4.3
CVE-2021-20256 MEDIUM
Red Hat Satellite - Exposure of Sensitive Information via BMC Interface
CVSS 5.3
CVE-2021-26593 HIGH
Directus 8.0.0-8.8.1 - Unauthenticated Exposure of Sensitive User Information via API
CVSS 7.5
CVE-2021-21512 HIGH
Dell EMC PowerProtect Cyber Recovery 19.7.0.1 - Authenticated Information Disclosure via Email Account Takeover
CVSS 7.9
CVE-2021-21301 LOW
Wire for iOS <3.75 - Info Disclosure
CVSS 2.6
CVE-2021-21435 MEDIUM
OTRS 6.0.0-6.0.29, 7.0.0-7.0.22 - Unauthorized Exposure of Sensitive Information via Ticket PDF Print
CVSS 5.7
CVE-2021-26067 MEDIUM
Atlassian Bamboo < 7.2.2 - Unauthenticated Sensitive Data Exposure via Chart Endpoint
CVSS 5.3
CVE-2021-0212 MEDIUM
Juniper Networks Contrail Networking <1911.31 - Info Disclosure
CVSS 5.0
CVE-2021-0210 MEDIUM
Juniper Junos OS - Unauthenticated Privilege Escalation via Session Hijacking
CVSS 6.8
CVE-2021-24122 MEDIUM
Apache Tomcat 7.0.0-7.0.106, 8.5.0-8.5.59, 9.0.0.M1-9.0.39, 10.0.0-M1-10.0.0-M9 - JSP Source Code Disclosure
CVSS 5.9
CVE-2021-3031 MEDIUM
PAN-OS 8.1.0-8.1.17 - Information Exposure via Ethernet Packet Padding
CVSS 4.3
CVE-2021-21469 HIGH
SAP NetWeaver Master Data Management - Exposure of Sensitive Information via SMB Relay Attack
CVSS 7.5
CVE-2020-37114 MEDIUM
GUnet OpenEclass 1.7.3 - Info Disclosure
CVSS 4.3
CVE-2020-36850 HIGH
Sitecore JSS React Sample App 11.0.0-14.0.1 - Info Disclosure
CVE-2020-36848 HIGH
Total Upkeep - WordPress Backup Plugin <1.14.9 - Info Disclosure
CVSS 7.5
CVE-2020-29010 MEDIUM
FortiOS < 6.0.11 - Authenticated Sensitive Information Exposure via SSL VPN Monitor CLI Command
CVSS 5.0
CVE-2020-13481 MEDIUM
Lexmark products through 2020-05-25 - Cross-Site Scripting
CVSS 6.1
CVE-2020-9089 LOW
Huawei P30 Pro Firmware < 10.1.0.120(c431e19r2p5) - Unauthorized Information Exposure via Unverified Function Call
CVSS 3.3
CVE-2020-9082 LOW
Huawei Mate 20 Firmware < 10.1.0.160(c00) - Authenticated Information Disclosure via Applock Bypass
CVSS 3.5
CVE-2020-3525 MEDIUM
Cisco Identity Services Engine - Authenticated Exposure of Sensitive Information via Admin Portal Configuration Pages
CVSS 4.3
CVE-2020-36835 MEDIUM
WPvivid Migration, Backup, Staging < 0.9.36 - Authenticated Sensitive Information Disclosure
CVSS 4.9
CVE-2020-25836 MEDIUM
OpenText NetIQ Directory and Resource Administrator <10.0.2, <9.2.1...
CVSS 6.3
CVE-2020-11843 MEDIUM
NetIQ Access Manager < 4.5 - Exposure of Sensitive Information
CVSS 6.5
CVE-2020-36771 HIGH
CloudLinux CageFS <7.1.1-1 - Code Injection
CVSS 7.8
CVE-2020-11447 MEDIUM
Bell HomeHub 3000 SG48222070 - Authenticated Serial Number Exposure via cgi/json-req
CVSS 4.3