CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-6190 MEDIUM
SAP NetWeaver AS Java - Info Disclosure
CVSS 5.8
CVE-2020-2103 MEDIUM
Jenkins < 2.204.1, 2.205-2.218 - Exposure of Sensitive Information via whoAmI Diagnostic Page
CVSS 5.4
CVE-2020-5220 MEDIUM
Sylius ResourceBundle 1.3.0-1.3.12, 1.4.0-1.4.5, 1.5.0, 1.6.0-1.6.2 - Data Exposure via Serialization Group HTTP Header
CVSS 4.4
CVE-2020-6954 MEDIUM
Cayin SMP-PRO4 Firmware - Unauthenticated Password Exposure via media_folder.cgi webpass Parameter
CVSS 6.5
CVE-2020-5197 MEDIUM
GitLab 5.1.0-12.6.1 - Exposure of Sensitive Information via Incorrect Access Control
CVSS 4.3
CVE-2020-6170 CRITICAL
Genexis Platinum-4410 <2.1 - Auth Bypass
CVSS 9.8
CVE-2019-1815 MEDIUM
Cisco Meraki MX67-MX68 - Info Disclosure
CVSS 5.3
CVE-2019-25210 MEDIUM
CNCF Helm <3.13.3 - Info Disclosure
CVSS 6.5
CVE-2019-18177 MEDIUM
Citrix ADC and Gateway < 13.0-58.30 - Authenticated Information Disclosure via SSL VPN Endpoint
CVSS 6.5
CVE-2019-14802 MEDIUM
HashiCorp Nomad 0.5.0-0.9.4 - Exposure of Sensitive Information via Template Rendering
CVSS 5.3
CVE-2019-5641 LOW
Rapid7 InsightVM < 6.6.160 - Information Exposure via Insufficient Session Expiration
CVSS 3.3
CVE-2019-25069 MEDIUM
Axios Italia Axios RE <1.7.0-7.0.0 - Info Disclosure
CVSS 5.3
CVE-2019-14839 HIGH
Red Hat Business Central - Exposure of Sensitive Information via HTTP Request Interception
CVSS 7.5
CVE-2019-5640 LOW
Rapid7 Nexpose < 6.6.114 - Unauthenticated Exposure of Sensitive Information via Browser Inspect Element
CVSS 3.3
CVE-2019-18947 LOW
Micro Focus Solutions Business Manager Application Repository <11.7...
CVSS 3.5
CVE-2019-14480 CRITICAL
AdRem NetCrunch 10.6.0.4587 - Auth Bypass
CVSS 9.8
CVE-2019-19283 MEDIUM
Siemens XHQ < 6.1.0.0 - Information Exposure via Web Server
CVSS 5.3
CVE-2019-4349 LOW
IBM Maximo Anywhere <7.6.3.1 - Info Disclosure
CVSS 3.5
CVE-2019-15963 MEDIUM
Cisco Unified Communications Manager - Info Disclosure
CVSS 6.5
CVE-2019-7005 HIGH
IP Office <11.0.4.2 - Info Disclosure
CVSS 7.5
CVE-2019-4731 MEDIUM
IBM MQ Appliance 9.1.4.CD - Info Disclosure
CVSS 5.5
CVE-2019-13033 LOW
CISOfy Lynis 2.0.0-2.7.5 - Exposure of Sensitive Information via Process List
CVSS 3.3
CVE-2019-20836 HIGH
Foxit Reader and PhantomPDF < 9.5 - Exposure of Sensitive Cloud Credentials
CVSS 7.5
CVE-2019-13023 MEDIUM
JetSelect - Insufficiently Protected Credentials via HTML Password Field Obfuscation
CVSS 6.5
CVE-2019-18867 HIGH
Blaauw Remote Kiln Control <3.00r4 - Info Disclosure
CVSS 7.5