CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-1553 MEDIUM
IBM WebSphere Application Server Liberty < 18.0.0.2 - Sensitive Information Exposure via SAML Web SSO Exception Handling
CVSS 5.3
CVE-2018-1306 HIGH
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
CVSS 7.5
CVE-2018-5436 MEDIUM
TIBCO Spotfire <7.12.0, <7.8.1-7.12.0 - Info Disclosure
CVSS 6.5
CVE-2018-12908 CRITICAL
Brynamics - Exposure of Sensitive Information via Direct Request to /dashboard/deposit
CVSS 9.8
CVE-2018-12907 HIGH
rclone 1.42 - Unauthenticated Exposure of Sensitive Information via Google Cloud Storage API URL Field
CVSS 7.5
CVE-2018-1614 MEDIUM
IBM WebSphere App Server <9.0 - Info Disclosure
CVSS 5.8
CVE-2018-3760 HIGH
Red Hat CloudForms < 2.12.4 - Information Disclosure
CVSS 7.5
CVE-2018-4861 MEDIUM
SCALANCE M875 - Authenticated Path Traversal via Web Interface
CVSS 4.9
CVE-2018-10663 HIGH
Axis IP Cameras - Exposure of Sensitive Information via Incorrect Size Calculation
CVSS 7.5
CVE-2018-1000609 MEDIUM
Jenkins Configuration as Code Plugin <0.7-alpha - Info Disclosure
CVSS 6.5
CVE-2018-1000603 HIGH
Jenkins Openstack Cloud Plugin <2.35 - Info Disclosure
CVSS 8.8
CVE-2018-1000601 MEDIUM
Jenkins SSH Credentials Plugin <1.13 - Info Disclosure
CVSS 6.5
CVE-2018-1000600 HIGH
Jenkins GitHub Plugin <1.29.1 - Info Disclosure
CVSS 8.8
CVE-2018-1000549 MEDIUM
Wekan 1.04.0 - Email and Username Enumeration via Register and Forgot Password Pages
CVSS 5.3
CVE-2018-1000535 HIGH
lms <= LMS_011123 - Info Disclosure
CVSS 7.5
CVE-2018-10852 LOW
Debian Linux < 1.16.3 - Information Disclosure
CVSS 3.8
CVE-2018-0584 HIGH
IIJ SmartKey < 2.1.0 - Authentication Bypass
CVSS 7.5
CVE-2018-0575 MEDIUM
baserCMS 3.0.0-3.0.15 and 4.0.0-4.1.0.1 - Unauthorized File Access via Mail Form Bypass
CVSS 5.3
CVE-2018-0528 MEDIUM
Cybozu Office 10.0.0-10.7.0 - Authenticated Authentication Bypass
CVSS 4.3
CVE-2018-0526 MEDIUM
Cybozu Office 10.0.0-10.7.0 - Exposure of Sensitive Information via External Image Display
CVSS 4.3
CVE-2018-12735 HIGH
SAJ Solar Inverter - Info Disclosure
CVSS 7.5
CVE-2018-12716 MEDIUM
Google Home & Chromecast <mid-2018 - SSRF
CVSS 4.3
CVE-2018-12684 HIGH
CivetWeb <1.10 - DoS/Info Disclosure
CVSS 7.1
CVE-2018-1655 MEDIUM
IBM AIX 5.3, 6.1, 7.1, and 7.2 - Kernel Memory Exposure via rmsock Command
CVSS 4.0
CVE-2018-12634 CRITICAL
CirCarLife Scada <4.3 - Info Disclosure
CVSS 9.8