CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-7030 MEDIUM
Avaya IP Office 9.x, 10.0-10.1.0.7, 11.0-11.0.4.3 - Insufficiently Protected Credentials
CVSS 5.5
CVE-2020-13597 MEDIUM
Calico < 2.6.2, < 3.8.8, 3.14.0 - Information Disclosure via IPv6 Route Advertisement
CVSS 6.0
CVE-2020-13764 HIGH
Rocketgenius Gravityforms < 2.4.9 - Information Disclosure
CVSS 7.5
CVE-2020-5573 MEDIUM
Kintone Mobile <2.5 - Info Disclosure
CVSS 4.6
CVE-2020-5572 MEDIUM
Mailwise for Android <1.0.1 - Info Disclosure
CVSS 4.6
CVE-2020-11059 CRITICAL
AEgir >=21.7.0-<21.10.1 - Info Disclosure
CVSS 9.6
CVE-2020-10945 MEDIUM
Centreon <19.10.7 - Info Disclosure
CVSS 4.3
CVE-2020-4226 HIGH
IBM MobileFirst Platform Foundation 8.0.0.0 - Exposure of Sensitive Information via URL Parameters
CVSS 7.5
CVE-2020-6830 HIGH
Firefox for iOS < 25.0 - Exposure of Sensitive Information via Bridging Token Leak
CVSS 7.5
CVE-2020-6489 MEDIUM
Google Chrome < 83.0.4103.61 - Exposure of Sensitive Information via Developer Tools
CVSS 4.3
CVE-2020-5364 MEDIUM
Dell EMC Isilon OneFS <= 8.2.2 - Sensitive Information Exposure via SNMPv2 Default Community String
CVSS 5.3
CVE-2020-13129 HIGH
stashcat < 3.9.1 - Exposure of Sensitive Information via Query String Logging
CVSS 7.2
CVE-2020-0092 MEDIUM
Android 10 - Unauthorized Sensitive Information Exposure via NotificationStackScrollLayout
CVSS 5.0
CVE-2020-12772 HIGH
Ignite Realtime Spark 2.8.3 - Info Disclosure
CVSS 8.8
CVE-2020-1746 MEDIUM
Ansible Engine <2.7.17, 2.8.x <2.8.11, 2.9.x <2.9.7 - Info Disclosure
CVSS 5.0
CVE-2020-8151 HIGH
Active Resource <v5.1.1 - Info Disclosure
CVSS 7.5
CVE-2020-1698 MEDIUM
Keycloak < 9.0.0 - Password Exposure via HttpMethod Exception Logging
CVSS 5.0
CVE-2020-3259 HIGH KEV
Cisco ASA & FTD Unauthenticated Memory Disclosure via Web Interface
CVSS 7.5
CVE-2020-11033 MEDIUM
GLPI 9.1-9.4.5 - Authenticated Exposure of Sensitive Information via API User Endpoint
CVSS 6.6
CVE-2020-5331 HIGH
RSA Archer < 6.7.0.3 - Authenticated Exposure of Sensitive Information in Log Files
CVSS 8.8
CVE-2020-10618 MEDIUM
LCDS LAquis SCADA <4.3.1 - Info Disclosure
CVSS 5.5
CVE-2020-6865 MEDIUM
ZTE OSCP V16.19.10 and V16.19.20 - Exposure of Sensitive Information via Error Response
CVSS 6.5
CVE-2020-5890 MEDIUM
BIG-IP 12.1.0-15.0.1 & BIG-IQ 5.2.0-7.1.0 - LDAP Credential Exposure via QKView Obfuscation Bypass
CVSS 5.5
CVE-2020-9387 MEDIUM
Mahara 19.04-19.04.5 and 19.10-19.10.3 - Unauthorized Exposure of Sensitive Account Information via Elasticsearch
CVSS 4.3
CVE-2020-11024 MEDIUM
Moonlight iOS/tvOS < 4.0.1 - Man-in-the-Middle Attack via Pairing Process
CVSS 6.1