CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-7696 MEDIUM
react-native-fast-image < 8.3.0 - Exposure of Sensitive Information via Reused Headers
CVSS 5.3
CVE-2020-7284 HIGH
McAfee Network Security Management < 9.2.9.55 - Exposure of Sensitive Information via Restricted CLI
CVSS 8.6
CVE-2020-15081 MEDIUM
PrestaShop <1.7.6.6 - Info Disclosure
CVSS 5.3
CVE-2020-15080 MEDIUM
PrestaShop <1.7.6.6 - Info Disclosure
CVSS 5.3
CVE-2020-15502 HIGH
DuckDuckGo <5.58.0 (Android) & <7.47.1.0 (iOS) - Visited Hostnames Exposure via Favicon HTTPS
CVSS 7.5
CVE-2020-3391 MEDIUM
Cisco DNA Center < 1.2.10 Authenticated Sensitive Information Exposure via Cleartext Credential Storage
CVSS 6.5
CVE-2020-4565 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Exposure of Sensitive Information via Insecure Communications
CVSS 5.9
CVE-2020-10274 HIGH
Mobile Industrial Robots MIR100 Firmware < 2.8.1.1 - Predictable REST API Access Tokens
CVSS 7.1
CVE-2020-7262 MEDIUM
McAfee Advanced Threat Defense < 4.10.0 - Unauthorized Sensitive File Access via HTTP Request Parameter
CVSS 5.3
CVE-2020-13264 MEDIUM
GitLab CE/EE <13.0.1 - Info Disclosure
CVSS 5.3
CVE-2020-13261 MEDIUM
GitLab CE/EE <13.0.1 - Info Disclosure
CVSS 5.3
CVE-2020-10750 HIGH
jaegertracing/jaeger <1.18.1 - Info Disclosure
CVSS 7.1
CVE-2020-10782 MEDIUM
Ansible Tower 3.7.0 - Sensitive Information Exposure via Rsyslog Configuration File
CVSS 6.5
CVE-2020-3362 MEDIUM
Cisco Network Services Orchestrator < 4.7.7.3 - Authenticated Sensitive Information Exposure via CLI Command Timing
CVSS 4.7
CVE-2020-3360 MEDIUM
Cisco IP Phones Series 7800-8800 - Info Disclosure
CVSS 5.3
CVE-2020-3347 MEDIUM
Cisco Webex Meetings Desktop App for Windows - Info Disclosure
CVSS 5.5
CVE-2020-3242 MEDIUM
Cisco UCS Director - Info Disclosure
CVSS 4.9
CVE-2020-7932 MEDIUM
OMERO.web < 5.6.3 - Exposure of Sensitive Information via URL Query Parameters
CVSS 5.7
CVE-2020-7510 HIGH
Easergy T300 Firmware <= 1.5.2 - Exposure of Sensitive Information via Private Key Disclosure
CVSS 7.5
CVE-2020-7506 HIGH
Easergy T300 Firmware <= 1.5.2 - Information Exposure via Firmware Archive Handling
CVSS 7.5
CVE-2020-4045 HIGH
ssb-db 20.0.0 - Unauthenticated Exposure of Sensitive Information via get() Method
CVSS 7.5
CVE-2020-13702 MEDIUM
The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery
CVSS 4.3
CVE-2020-13268 MEDIUM
GitLab CE/EE <13.0.1 - Info Disclosure
CVSS 5.3
CVE-2020-1775 LOW
OTRS <8.0.3-7.0.17 - Info Disclosure
CVSS 3.5
CVE-2020-12802 MEDIUM
LibreOffice <6.4.4 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 10,152
Exploit Likelihood: High