CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-36723 MEDIUM
ListingPro - WordPress Directory & Listing Theme <2.6.1 - Info Disc...
CVSS 5.3
CVE-2020-4927 MEDIUM
IBM Spectrum Scale 5.0.5.0-5.1.6.1 - Unauthorized Data Access and Arbitrary Data Injection
CVSS 5.7
CVE-2020-36668 MEDIUM
JetBackup < 1.4.0 - Sensitive Information Exposure via backup_guard_get_manual_modal AJAX Action
CVSS 4.3
CVE-2020-9846 MEDIUM
macOS < 12.0.1 - Unauthorized Access to Local Users' Apple IDs
CVSS 5.3
CVE-2020-36660 MEDIUM
paxswill EVE Ship Replacement Program <0.12.11 - Info Disclosure
CVSS 4.3
CVE-2020-8975 HIGH
ZGR TPS200 NG Firmware 2.00 - Information Disclosure via Web Application Routes
CVSS 7.5
CVE-2020-4159 HIGH
IBM QRadar Network Security 5.4.0 and 5.5.0 - Exposure of Sensitive Information
CVSS 7.5
CVE-2020-35167 MEDIUM
Dell BSAFE <4.1.5-4.6 - Use After Free
CVSS 4.8
CVE-2020-36532 MEDIUM
Klapp App - Unauthenticated Exposure of Sensitive Information via Authorization Component
CVSS 4.3
CVE-2020-4957 MEDIUM
IBM Security Identity Governance and Intelligence 5.2.6 - Exposure of Sensitive Information in URL Parameters
CVSS 5.3
CVE-2020-14112 MEDIUM
Xiaomi Router AX6000 < 1.0.56 - Unauthorized Information Disclosure via Incorrect Routing Configuration
CVSS 5.3
CVE-2020-12966 MEDIUM
AMD EPYC Firmware < milanpi-sp3_1.0.0.5 - Authenticated Information Disclosure via SEV-ES/SEV-SNP
CVSS 5.5
CVE-2020-15933 MEDIUM
FortiMail <=6.0.9/6.2.4/6.4.1 Sensitive Version Info Exposure via Client-Side Inspection
CVSS 5.3
CVE-2020-27414 MEDIUM
Mahavitaran Android <7.50 - Info Disclosure
CVSS 5.9
CVE-2020-4951 LOW
IBM Cognos Analytics 11.1.7 and 11.2.0 - Exposure of Sensitive Information via Locally Cached Browser Data
CVSS 3.3
CVE-2020-7819 CRITICAL
nTracker USB Enterprise - SQL Injection
CVSS 9.3
CVE-2020-7387 MEDIUM
Sage X3 AdxAdmin < 93.2.53 - Installation Path Disclosure via AdxDSrv.exe Response
CVSS 5.3
CVE-2020-12987 MEDIUM
AMD Graphics Driver - Info Disclosure
CVSS 5.5
CVE-2020-14371 MEDIUM
Red Hat Satellite - Credential Leak via VM Exposure
CVSS 6.5
CVE-2020-14335 MEDIUM
Red Hat Satellite - Exposure of Sensitive Information via ISC DHCP Smart-Proxy OMAPI Secrets
CVSS 5.5
CVE-2020-14329 LOW
Ansible Tower < 3.7.2 - Unauthorized Sensitive Data Exposure via Labels API Endpoint
CVSS 3.3
CVE-2020-10698 LOW
Ansible Tower <3.6.4-3.4.6 - Info Disclosure
CVSS 3.3
CVE-2020-36319 LOW
Vaadin Flow 3.0.0-3.0.5 & Vaadin 15.0.0-15.0.4 Sensitive Information Exposure via Insecure ObjectMapper
CVSS 3.1
CVE-2020-7270 MEDIUM
McAfee Advanced Threat Defense < 4.12.2 - Authenticated Exposure of Sensitive Information via HTTP Request Parameter
CVSS 4.9
CVE-2020-7269 MEDIUM
McAfee Advanced Threat Defense < 4.12.2 - Authenticated Exposure of Sensitive Information via HTTP Request Parameter
CVSS 4.9
Details
Vulnerabilities: 10,152
Exploit Likelihood: High