CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2019-4751 MEDIUM
IBM Cloud App Management <2019.4.0 - Info Disclosure
CVSS 5.3
CVE-2019-10523 MEDIUM
Qualcomm Snapdragon Firmware - Unauthorized Information Exposure via Remote Data Transmission
CVSS 5.5
CVE-2019-20646 CRITICAL
NETGEAR RAX40 Firmware < 1.0.3.64 - Unauthenticated Exposure of Administrative Credentials
CVSS 9.8
CVE-2019-20638 MEDIUM
NETGEAR MR1100 Firmware < 12.06.08.00 - Unauthenticated Exposure of Administrative Credentials
CVSS 6.5
CVE-2019-7305 MEDIUM
eXtplorer < 2.1.0 - Information Exposure via World-Accessible System Directories
CVSS 5.8
CVE-2019-19091 MEDIUM
Hitachi Energy eSOMS 4.0-6.0.3 - Information Exposure via HTTPS Response Comments
CVSS 4.3
CVE-2019-19000 MEDIUM
ABB eSOMS 4.0-6.0.3 - Sensitive Information Exposure via Improper Cache-Control Headers
CVSS 6.5
CVE-2019-20616 MEDIUM
Samsung Android N(7.x) and O(8.x) - Unauthorized Exposure of Private Mode Thumbnail
CVSS 5.3
CVE-2019-20615 MEDIUM
Samsung Android N(7.x) and O(8.x) - Factory Reset Protection Bypass via SVoice Terms and Conditions
CVSS 4.6
CVE-2019-15656 HIGH
D-Link DSL-2875AL and DSL-2877AL Firmware < 1.00.05 - Unauthenticated Credential Disclosure via index.asp
CVSS 7.5
CVE-2019-19677 MEDIUM
arxes-tolina 3.0.0 - Info Disclosure
CVSS 4.3
CVE-2019-16157 MEDIUM
Fortinet FortiWeb <6.2.0 - Info Disclosure
CVSS 6.5
CVE-2019-9103 MEDIUM
Moxa MB3170 MB3270 MB3180 MB3280 MB3480 MB3660 Firmware - Unauthenticated Sensitive Information Exposure via Web Service
CVSS 5.3
CVE-2019-13457 MEDIUM
OTRS 7.0.0-7.0.8 - Unauthorized Information Disclosure via Search Results
CVSS 4.3
CVE-2019-12432 MEDIUM
GitLab 8.13-11.11 - Unauthenticated Information Disclosure via Unsubscription Page
CVSS 4.3
CVE-2019-14893 CRITICAL
FasterXML jackson-databind < 2.9.10 - Remote Code Execution via Xalan JNDI Gadget Deserialization
CVSS 9.8
CVE-2019-14892 CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
CVSS 9.8
CVE-2019-15594 MEDIUM
GitLab < 11.8 - Exposure of Sensitive Pipeline Information via Merge Request Endpoint
CVSS 4.3
CVE-2019-15592 MEDIUM
GitLab 11.2.0-12.0.7 - Unauthenticated Exposure of Sensitive Information via Activity Timeline
CVSS 4.3
CVE-2019-6193 HIGH
Lenovo XClarity Administrator < 2.6.6 - Unauthenticated Information Disclosure via Configuration Files
CVSS 7.5
CVE-2019-4562 MEDIUM
IBM Security Directory Server 6.4.0 - Info Disclosure
CVSS 5.3
CVE-2019-3016 MEDIUM
Linux Kernel >= 4.16 - Unauthorized Memory Read via PV TLB Race Condition
CVSS 6.2
CVE-2019-19550 HIGH
Senior Rubiweb <6.2.34.28,6.2.34.37 - Auth Bypass
CVSS 7.5
CVE-2019-5470 HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Missing Authorization in Security Dashboard
CVSS 7.5
CVE-2019-5465 MEDIUM
GitLab 8.14.0-11.11.7 - Exposure of Sensitive Information via Move Issue Feature
CVSS 4.3