CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-3652 HIGH
Intel Xeon E3 5th-6th Gen - Exposure of Sensitive Information via DCI Debug Interface
CVSS 7.6
CVE-2018-3619 MEDIUM
Intel Core i7 and Core i5 - Unauthorized Data Exposure via Physical Access to Optane Memory Module
CVSS 4.6
CVE-2018-10890 MEDIUM
Moodle < 3.1.13 - Exposure of Sensitive Information via Web Service
CVSS 4.3
CVE-2018-1423 MEDIUM
IBM Jazz Foundation - Info Disclosure
CVSS 4.3
CVE-2018-1337 CRITICAL
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
CVSS 9.8
CVE-2018-4993 HIGH
Adobe Acrobat DC < 15.006.30417, 15.008.20082-18.011.20038 - NTLM SSO Hash Theft
CVSS 7.5
CVE-2018-4965 HIGH
Adobe Acrobat DC < 15.006.30418, 17.011.30080, 18.011.20040 - Memory Corruption and Information Disclosure
CVSS 7.5
CVE-2018-1548 MEDIUM
IBM API Connect 2018.1.0.0-2018.2.4 - Authenticated Exposure of Sensitive Information
CVSS 4.3
CVE-2018-1000402 MEDIUM
Jenkins AWS CodeDeploy Plugin < 1.19 - Info Disclosure
CVSS 4.3
CVE-2018-5892 HIGH
Qualcomm Snapdragon Mobile and Wear Firmware - Unauthorized User Behavior Data Collection via Touch Pal
CVSS 7.5
CVE-2018-1546 MEDIUM
IBM API Connect 5.0.0.0-5.0.8.3 - Exposure of Sensitive Information via Missing HSTS Enforcement
CVSS 5.9
CVE-2018-9998 MEDIUM
Open-Xchange App Suite Information Disclosure via Task API Folder Parameter
CVSS 6.5
CVE-2018-12021 MEDIUM
Singularity 2.3.0-2.5.1 - Unauthorized Sensitive Information Exposure via Overlay File System
CVSS 6.5
CVE-2018-9185 HIGH
Fortinet FortiOS < 6.0.0 - Unauthenticated Exposure of Web Portal Credentials via Single Sign-On Bookmark Feature
CVSS 8.1
CVE-2018-13123 CRITICAL
OneFileCMS < 2017-10-09 - Unauthenticated Arbitrary File Read via i and f Parameters
CVSS 9.8
CVE-2018-7776 MEDIUM
Schneider Electric U.motion Builder < 1.3.4 - Info Disclosure
CVSS 4.3
CVE-2018-10596 HIGH
Medtronic 2090 CareLink Programmer - SSRF
CVSS 7.1
CVE-2018-12892 CRITICAL
Xen 4.7-4.10.x - Privilege Escalation
CVSS 9.9
CVE-2018-12990 MEDIUM
phpwcms 1.8.9 - Exposure of Sensitive Information via CSRF Token Validation
CVSS 5.3
CVE-2018-12997 HIGH
Zohocorp Firewall Analyzer - Information Disclosure
CVSS 7.5
CVE-2018-12927 HIGH
Northern Electric & Power Inverter Firmware - Unauthenticated Sensitive Information Exposure via nep/status/index/1 URI
CVSS 7.5
CVE-2018-12926 HIGH
Pharos Controls Firmware - Unauthenticated Sensitive Information Exposure via Default URI
CVSS 7.5
CVE-2018-12923 HIGH
BWS Systems HA-Bridge - Exposure of Sensitive Information via Direct Request to #!/system URI
CVSS 7.5
CVE-2018-12921 HIGH
Electro Industries GaugeTech Nexus Firmware - Unauthenticated Sensitive Information Exposure via Direct URI Request
CVSS 7.5
CVE-2018-12920 HIGH
FLIR Brickstream 2300 Firmware - Unauthenticated Sensitive Information Exposure via Direct URI Request
CVSS 7.5