CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-12746 MEDIUM
OTRS 5.0.0-5.0.36 - Exposure of Sensitive Information via Embedded Ticket Article Link
CVSS 6.5
CVE-2019-4437 MEDIUM
IBM API Connect <2018.4.1.6 - Info Disclosure
CVSS 5.3
CVE-2019-13511 LOW
Rockwell Automation Arena < 16.00.00 - Information Exposure via Malicious Arena File
CVSS 3.3
CVE-2019-14800 MEDIUM
FV Flowplayer Video Player < 7.3.15.727 - Unauthenticated Email Subscription List Exposure via CSV Export
CVSS 5.3
CVE-2019-1228 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
CVE-2019-1227 MEDIUM
Windows 10 and Windows Server 2016/2019 - Information Disclosure in Kernel Memory Handling
CVSS 5.5
CVE-2019-1225 HIGH
Windows 10 and Windows Server 2016/2019 - Information Disclosure via RDP Server Memory Initialization
CVSS 7.5
CVE-2019-1224 HIGH
Windows 10 and Windows Server 2016/2019 - Information Disclosure in RDP Server
CVSS 7.5
CVE-2019-1202 MEDIUM
Microsoft SharePoint - Authenticated Session Hijacking via Session Object Handling
CVSS 4.4
CVE-2019-1172 MEDIUM
Azure Active Directory (AAD) Microsoft Account (MSA) - Info Disclosure
CVSS 4.3
CVE-2019-1171 MEDIUM
Windows 10 and Windows Server 2016/2019 - Information Disclosure in SymCrypt OAEP Decryption
CVSS 5.6
CVE-2019-1158 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1154 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 5.5
CVE-2019-1143 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1078 MEDIUM
Windows Graphics Component - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1030 MEDIUM
Microsoft Edge - Information Disclosure via Memory Handling
CVSS 4.3
CVE-2019-0338 MEDIUM
SAP Gateway 750-753 - Information Disclosure via Improper HTTP Header Handling
CVSS 5.3
CVE-2019-13419 HIGH
Search Guard < 23.1 - Exposure of Sensitive Information via Aggregation Clear Text Leak
CVSS 7.5
CVE-2019-13417 MEDIUM
Search Guard < 24.0 - Unauthorized Field Name Exposure via Field Caps and Mapping API
CVSS 5.3
CVE-2019-3800 MEDIUM
Cloud Foundry Command Line Interface < 6.45.0 - Insufficiently Protected Credentials in Config File
CVSS 6.3
CVE-2019-7852 MEDIUM
Magento <2.1.18-2.3.2 - Info Disclosure
CVSS 5.3
CVE-2019-10156 MEDIUM
Ansible <2.6.18, <2.7.12, <2.8.2 - Info Disclosure
CVSS 5.4
CVE-2019-14280 MEDIUM
Craft <2.7.10-3.2.6 - Info Disclosure
CVSS 5.3
CVE-2019-0202 HIGH
Apache Storm 0.9.1-incubating-1.2.2 - Unauthenticated Sensitive Information Exposure via Logviewer Endpoint
CVSS 7.5
CVE-2019-8286 MEDIUM
Kaspersky Anti-Virus, Internet Security, Total Security < 2019 - Information Disclosure via Crafted Webpage
CVSS 4.3