CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-1370 MEDIUM
Open Enclave SDK < 0.7.0 - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1324 MEDIUM
Windows 10 and Windows Server 2016/2019 - Information Disclosure via IPv6 Flow Label Handling
CVSS 5.3
CVE-2019-4412 MEDIUM
IBM Cognos Controller - Info Disclosure
CVSS 5.3
CVE-2019-13557 MEDIUM
Tasy EMR <3.02.1757 - Info Disclosure
CVSS 5.3
CVE-2019-3422 MEDIUM
ZTE MF910S Firmware - Unauthenticated Sensitive Information Exposure via One-Click Upgrade Tool
CVSS 6.2
CVE-2019-1877 MEDIUM
Cisco Enterprise Chat and Email - Info Disclosure
CVSS 6.5
CVE-2019-1734 MEDIUM
Cisco FXOS and NX-OS - Authenticated Sensitive Information Exposure via CLI Diagnostic Command
CVSS 5.5
CVE-2019-10223 MEDIUM
Kube-state-metrics <1.7.2 - Info Disclosure
CVSS 6.5
CVE-2019-16908 MEDIUM
Infosysta In-App & Desktop Notifications < 1.6.14_j8 - Sensitive Information Exposure via Project Filter
CVSS 5.3
CVE-2019-17321 MEDIUM
ClipSoft REXPERT < 1.0.0.527 - Unauthenticated Username Exposure via Session File Path
CVSS 5.3
CVE-2019-7619 MEDIUM
Elasticsearch <7.4 - Info Disclosure
CVSS 5.3
CVE-2019-6851 HIGH
Schneider Electric Modicon M580, M340, Premium, Quantum - File and Directory Information Exposure via TFTP Protocol
CVSS 7.5
CVE-2019-6850 HIGH
Modicon M580/BMENOC - Info Disclosure
CVSS 7.5
CVE-2019-6849 HIGH
Modicon M580, BMENOC 0311, BMENOC 0321 - Info Disclosure
CVSS 7.5
CVE-2019-18612 MEDIUM
MediaWiki AbuseFilter <1.34 - Info Disclosure
CVSS 5.3
CVE-2019-18611 MEDIUM
MediaWiki CheckUser <1.34 - Info Disclosure
CVSS 6.5
CVE-2019-10209 LOW
PostgreSQL 11.0-11.4 - Memory Disclosure in Cross-Type Comparison for Hashed Subplan
CVSS 2.2
CVE-2019-4397 MEDIUM
IBM Cloud Orchestrator <2.5.0.9 & <2.4.0.5 - Info Disclosure
CVSS 6.5
CVE-2019-11282 MEDIUM
Cloudfoundry Cf-deployment < 12.2.0 - Information Disclosure
CVSS 4.3
CVE-2019-13410 HIGH
TOPMeeting < 8.8 - Unauthenticated Exposure of Sensitive Information via Frontend Page Source
CVSS 7.5
CVE-2019-17671 MEDIUM
WordPress < 5.2.4 - Unauthenticated Exposure of Sensitive Information via Static Query Property
CVSS 5.3
CVE-2019-15257 MEDIUM
Cisco SPA100 Series Firmware - Authenticated Sensitive Information Exposure via Web Interface
CVSS 6.5
CVE-2019-12708 MEDIUM
Cisco SPA100 Series Firmware - Authenticated Exposure of Sensitive Information via Web Interface
CVSS 6.5
CVE-2019-12704 MEDIUM
Cisco SPA100 Series Firmware - Authenticated Arbitrary File Read via Web Interface
CVSS 6.5
CVE-2019-3767 HIGH
Dell ImageAssist < 8.7.15 - Sensitive Information Exposure via Encrypted Image Storage
CVSS 8.2