CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-24406 LOW
Magento <2.4.0, 2.3.4 - Info Disclosure
CVSS 3.7
CVE-2020-10291 HIGH
KUKA Visual Components Network License Server - Unauthenticated Sensitive Information Disclosure via UDP Port 5093
CVSS 7.5
CVE-2020-4649 MEDIUM
IBM Planning Analytics Local < 2.0.9.2 - Unauthorized Data Exposure via TM1Web Session Invalidation Failure
CVSS 4.3
CVE-2020-7196 MEDIUM
HPE BlueData EPIC < 4.0 & Ezmeral Container Platform 5.0 - Exposed kdc_admin_password
CVSS 6.5
CVE-2020-27612 MEDIUM
Greenlight in BigBlueButton <2.2.28 - Info Disclosure
CVSS 4.3
CVE-2020-15931 HIGH
Netwrix Account Lockout Examiner < 5.1 - Exposure of Sensitive Information via Kerberos Pre-Authentication Event
CVSS 7.5
CVE-2020-1777 MEDIUM
OTRS <7.0.21 & <8.0.6 - Info Disclosure
CVSS 4.3
CVE-2020-15794 MEDIUM
Desigo Insight - Authenticated Sensitive Information Exposure via Error Message
CVSS 4.3
CVE-2020-15250 MEDIUM
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
CVSS 4.4
CVE-2020-26869 HIGH
ARC Informatique PcVue <12.0.17 - Info Disclosure
CVSS 7.5
CVE-2020-14183 MEDIUM
Jira Server & Data Center < 7.13.18, 8.0.0-8.5.9, 8.6.0-8.12.1 - Information Disclosure via HTTP Headers
CVSS 4.3
CVE-2020-1902 HIGH
WhatsApp 2.20.108-2.20.140 & 2.20.35-2.20.49 Cleartext Transmission via Quick Search
CVSS 7.5
CVE-2020-15235 MEDIUM
ractf/core < 41edf92 - Unauthenticated Exposure of Sensitive Configuration Keys
CVSS 5.9
CVE-2020-15671 LOW
Firefox for Android < 80.0 - Password Exposure via InputContext Race Condition
CVSS 3.1
CVE-2020-5132 MEDIUM
SonicWall SMA100 Firmware and SonicOS - Exposure of Sensitive Internal Domain Names via SSL-VPN Authentication Page
CVSS 5.3
CVE-2020-6570 MEDIUM
Google Chrome < 85.0.4183.83 - Information Disclosure via WebRTC
CVSS 4.3
CVE-2020-5975 HIGH
NVIDIA GeForce NOW <2.0.23 - Info Disclosure
CVSS 7.5
CVE-2020-14181 MEDIUM
Atlassian Jira Server/Data Center <7.13.6, 8.0.0-8.5.7 - User Enumeration via ViewUserHover.jspa
CVSS 5.3
CVE-2020-9733 HIGH
Adobe Experience Manager <= 6.5.5.0 and <= 6.4.8.1 - Improper Privilege Management in Java Servlet
CVSS 7.5
CVE-2020-15790 MEDIUM
Spectrum Power 4 < 4.70 SP8 - Directory Listing Exposure via Web Server Misconfiguration
CVSS 5.3
CVE-2020-3644 MEDIUM
Qualcomm Snapdragon - Information Disclosure via Secure Touch Session Handling
CVSS 5.5
CVE-2020-3643 MEDIUM
Partial secure display-touch session tear-down - Info Disclosure
CVSS 5.5
CVE-2020-3547 MEDIUM
Cisco AsyncOS < 13.5.1-277 - Authenticated Sensitive Information Exposure via Raw HTML
CVSS 4.3
CVE-2020-3541 MEDIUM
Cisco Webex Meetings and Teams - Sensitive Information Exposure via Media Engine Log Files
CVSS 4.4
CVE-2020-3537 MEDIUM
Cisco Jabber 12.1-12.1.2 - Authenticated Exposure of Sensitive Information via UNC Link Processing
CVSS 5.7