CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,157 vulnerabilities with CWE-200
CVE-2018-1623 MEDIUM
IBM Security Privileged Identity Manager 2.2.1 - Sensitive Information Exposure via Local Storage
CVSS 4.0
CVE-2018-13297 MEDIUM
Synology Drive < 1.1.2-10562 - Information Exposure via dsm_path Parameter
CVSS 5.3
CVE-2018-13295 MEDIUM
Synology Application Service < 1.5.4-0320 - Authenticated Information Exposure via Version Parameter
CVSS 4.3
CVE-2018-13294 MEDIUM
Synology Application Service < 1.5.4-0320 - Authenticated Information Exposure via uid Parameter
CVSS 4.3
CVE-2018-13292 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Sensitive Information Exposure via World-Readable Mount Configuration
CVSS 4.3
CVE-2018-13291 MEDIUM
Synology DiskStation Manager 5.2-6.2.1-23824 - Authenticated Sensitive Information Exposure via Mount Configuration
CVSS 4.3
CVE-2018-13290 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Authenticated Information Exposure via file_path Parameter
CVSS 4.3
CVE-2018-13289 MEDIUM
Synology Router Manager < 1.1.7-6941-2 - Information Exposure via Folder Path Parameter
CVSS 5.3
CVE-2018-13288 MEDIUM
Synology File Station < 1.1.5-0125 - Exposure of Sensitive Information via folder_path or real_path Parameter
CVSS 5.3
CVE-2018-19643 MEDIUM
Micro Focus SBM <11.5 - Info Disclosure
CVSS 4.7
CVE-2018-20555 CRITICAL
Design Chemical Social Network Tabs 1.7.1 - Exposure of Sensitive Twitter Credentials via dcwp_twitter.php
CVSS 9.8
CVE-2018-19487 HIGH
WP-jobhunt < 2.4 - Unauthenticated User Information Enumeration via admin-ajax.php
CVSS 7.5
CVE-2018-18762 MEDIUM
SaltOS 3.1 r8126 - Unauthenticated Database Download
CVSS 6.5
CVE-2018-17502 MEDIUM
The Receptionist for iPad - Info Disclosure
CVSS 4.0
CVE-2018-17484 MEDIUM
Lobby Track Desktop - Info Disclosure
CVSS 4.0
CVE-2018-17483 LOW
Lobby Track Desktop - Info Disclosure
CVSS 2.9
CVE-2018-17482 MEDIUM
Lobby Track Desktop - Info Disclosure
CVSS 4.0
CVE-2018-15532 LOW
Synaptics Touchpad Driver < 2018-06-06 - Exposure of Sensitive Information via Freed Kernel Address
CVSS 3.8
CVE-2018-18205 HIGH
Topvision CC8800 CMTS C-E - Exposure of Sensitive Information via Direct Request
CVSS 7.5
CVE-2018-17956 HIGH
yast2-samba-provision <= 1.0.1 - Local Password Exposure via Command Line
CVSS 7.8
CVE-2018-1929 MEDIUM
IBM Rational Engineering Lifecycle Manager <6.0.6 - Info Disclosure
CVSS 4.3
CVE-2018-12224 LOW
Intel Graphics Driver - Information Disclosure via Buffer Leakage in igdkm64.sys
CVSS 3.3
CVE-2018-17944 MEDIUM
Lexmark CX725h/CX820/CX825/CX860/XC4150/XC6152/XC8155/XC8160 Firmware - Unauthenticated LDAP/SMTP Credential Exposure
CVSS 4.9
CVE-2018-2009 MEDIUM
IBM API Connect 2018.1-2018.4.1 - Unauthorized Information Disclosure via Consumer API
CVSS 6.5
CVE-2018-1902 LOW
IBM WebSphere App Server <9.0 - Info Disclosure
CVSS 3.1