CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,157 vulnerabilities with CWE-200
CVE-2018-10815 MEDIUM
Cloudera Manager <5.13.4, 5.14.x <5.14.4, 5.15.x <5.15.1 - Unauthorized Sensitive Cluster Information Exposure
CVSS 6.5
CVE-2018-7844 HIGH
Modicon M580, M340, Quantum, and Premium Firmware - SNMP Information Exposure via Modbus Memory Block Read
CVSS 7.5
CVE-2018-7848 HIGH
Modicon M580, M340, Quantum, and Premium Firmware - SNMP Information Exposure via Modbus File Read
CVSS 7.5
CVE-2018-1991 LOW
IBM API Connect <5.0.8.6 - Info Disclosure
CVSS 2.7
CVE-2018-2005 LOW
IBM BigFix Platform 9.2-9.5 < 9.2.17 - Exposure of Sensitive Information in Process Memory
CVSS 3.3
CVE-2018-16656 HIGH
Kyocera TASKalfa 4002i/6002i - Info Disclosure
CVSS 7.5
CVE-2018-12301 HIGH
Seagate NAS OS 4.3.15.1 - Exposure of Sensitive Information via Download Manager URL
CVSS 7.5
CVE-2018-7083 HIGH
Aruba Instant 4.0-4.2.4.11 - Unauthenticated Sensitive Information Exposure via Core Dump Access
CVSS 7.5
CVE-2018-1990 MEDIUM
IBM Cloud App Mgmt <V2018.4.1 - Info Disclosure
CVSS 5.3
CVE-2018-2008 MEDIUM
IBM TRIRIGA Application Platform 3.5.3-3.5.3.5 - Authenticated Exposure of Sensitive Information
CVSS 4.3
CVE-2018-19456 HIGH
WP Backup+ <2018-11-22 - Info Disclosure
CVSS 7.5
CVE-2018-13991 MEDIUM
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 1.0-1.34 - Exposure of Sensitive Information via Firmware Images
CVSS 5.3
CVE-2018-18977 HIGH
Ascensia Contour Diabetes < 2.5.0 - Sensitive Medical Information Exposure via Weak Obfuscation
CVSS 7.5
CVE-2018-18975 HIGH
Ascensia Contour Diabetes < 2.4.30 - Exposure of Sensitive Medical Information via Weak Certificate Pinning
CVSS 7.5
CVE-2018-4071 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Information Disclosure via EmbeddedAceGet_Task.cgi
CVSS 8.8
CVE-2018-4070 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Information Disclosure via EmbeddedAceGet_Task.cgi
CVSS 8.8
CVE-2018-4067 MEDIUM
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Information Disclosure via ACEManager template_load.cgi
CVSS 6.5
CVE-2018-4069 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Information Exposure via Plaintext ACEManager Authentication
CVSS 7.5
CVE-2018-4068 MEDIUM
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Unauthenticated Exposure of Sensitive Information via ACEManager
CVSS 5.3
CVE-2018-20510 MEDIUM
Linux Kernel 4.14.90 - Exposure of Sensitive Information via Binder Debugfs
CVSS 5.5
CVE-2018-20509 MEDIUM
Linux Kernel 4.14.90 - Exposure of Sensitive Information via Binder Debugfs
CVSS 5.5
CVE-2018-1961 MEDIUM
IBM Emptoris Contract Management <10.1.3.0 - Info Disclosure
CVSS 5.3
CVE-2018-18511 MEDIUM
Firefox < 65.0.1 - Unauthorized Cross-Origin Image Data Exposure via Canvas transferFromImageBitmap
CVSS 4.3
CVE-2018-1729 MEDIUM
IBM QRadar SIEM 7.3.0-7.3.1 - Exposure of Sensitive Information
CVSS 5.3
CVE-2018-13378 HIGH
Fortinet FortiSIEM < 5.2.0 - Unauthenticated LDAP Password Exposure via HTML Source Code
CVSS 7.2