CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,160 vulnerabilities with CWE-200
CVE-2018-17944 MEDIUM
Lexmark CX725h/CX820/CX825/CX860/XC4150/XC6152/XC8155/XC8160 Firmware - Unauthenticated LDAP/SMTP Credential Exposure
CVSS 4.9
CVE-2018-2009 MEDIUM
IBM API Connect 2018.1-2018.4.1 - Unauthorized Information Disclosure via Consumer API
CVSS 6.5
CVE-2018-1902 LOW
IBM WebSphere App Server <9.0 - Info Disclosure
CVSS 3.1
CVE-2018-11783 HIGH
Apache Traffic Server 6.0.0-6.0.3, 7.0.0-7.1.5, 8.0.0-8.0.1 - Exposure of Sensitive Information via sslheaders Plugin
CVSS 7.5
CVE-2018-12400 MEDIUM
Firefox for Android < 63.0 - Exposure of Sensitive Information via Favicon Caching in Private Browsing Mode
CVSS 5.3
CVE-2018-12397 HIGH
Firefox < 63 - Unauthorized Local File Access via WebExtension
CVSS 7.1
CVE-2018-1775 MEDIUM
IBM Spectrum Virtualize 7.5-8.2 - Authenticated Arbitrary File Read
CVSS 6.5
CVE-2018-11845 MEDIUM
Qualcomm Snapdragon Firmware - Information Leak via Non-Time-Constant Comparison
CVSS 5.5
CVE-2018-1950 MEDIUM
IBM Security Identity Governance And Intelligence < 5.2.4.1 - Information Disclosure
CVSS 4.3
CVE-2018-1949 MEDIUM
IBM Security Identity Governance And Intelligence < 5.2.4.1 - Information Disclosure
CVSS 4.3
CVE-2018-12006 MEDIUM
Android - Unauthorized Data Access via Uninitialized Display Padding
CVSS 5.5
CVE-2018-20776 HIGH
Frog CMS 0.9.5 - Exposure of Sensitive Information via Directory Listing
CVSS 7.5
CVE-2018-1296 HIGH
Apache Hadoop 2.5.0-2.7.5 and 2.8.0-2.8.3 - Unauthorized Exposure of Extended Attributes
CVSS 7.5
CVE-2018-18334 HIGH
Trend Micro Dr. Safety < 3.0.1478 - Exposure of Sensitive Information via Same Origin Policy Bypass
CVSS 7.5
CVE-2018-15659 MEDIUM
42gears SureMDM < 6.35 - Unauthenticated Exposure of Sensitive Information via Silverlight Cross-Origin Access
CVSS 6.5
CVE-2018-15658 HIGH
42gears SureMDM < 2018-11-27 - Unauthenticated Exposure of Sensitive Information via Master Console Page
CVSS 7.5
CVE-2018-15656 HIGH
42gears SureMDM < 2018-11-27 - Unauthenticated User Enumeration via Registration API Email Parameter
CVSS 7.5
CVE-2018-15655 MEDIUM
42gears SureMDM < 6.35 - Unauthenticated Exposure of Sensitive Information via CORS Misconfiguration
CVSS 6.5
CVE-2018-1675 MEDIUM
IBM Tivoli Application Dependency Discovery Manager < 7.2.2.5 - Information Disclosure
CVSS 6.8
CVE-2018-18941 CRITICAL
Vignette Content Management 6 - Unauthenticated Administrator Password Exposure via User Edit Page
CVSS 9.8
CVE-2018-19440 MEDIUM
ARM Trusted Firmware-A - Info Disclosure
CVSS 5.3
CVE-2018-12610 MEDIUM
OX App Suite <7.8.4 - Info Disclosure
CVSS 5.3
CVE-2018-1976 MEDIUM
IBM API Connect <5.0.8.4 - Info Disclosure
CVSS 4.9
CVE-2018-16889 MEDIUM
Ceph < 13.2.4 - Sensitive Information Disclosure in Debug Logging
CVSS 5.5
CVE-2018-5497 MEDIUM
Clustered Data ONTAP <9.1P16-9.4P5 - Info Disclosure
CVSS 4.4