CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-0269 MEDIUM
Cisco Digital Network Architecture Center - Unauthenticated Sensitive Information Exposure via CORS Misconfiguration
CVSS 4.3
CVE-2018-0267 MEDIUM
Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Information via Web Interface
CVSS 6.5
CVE-2018-0266 MEDIUM
Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Configuration Data via Web Interface
CVSS 4.3
CVE-2018-10219 MEDIUM
baijiacms V3 - Physical Path Leakage via Mobile Member Index Request
CVSS 5.3
CVE-2018-7244 MEDIUM
Schneider Electric 66074 MGE Network Management Card - Sensitive Information Exposure
CVSS 5.3
CVE-2018-1240 HIGH
Dell EMC ViPR Controller 3.0.0.39-3.6.1.3 - Information Exposure via VRRP Plaintext Password
CVSS 8.0
CVE-2018-10189 HIGH
Mautic 1.x-2.x < 2.13.0 - Unauthorized Contact Information Exposure via Tracking Cookie Manipulation
CVSS 7.5
CVE-2018-5430 HIGH KEV
TIBCO JasperReports Server - Info Disclosure
CVSS 8.8
CVE-2018-10178 MEDIUM
FromDocToPDF <13.611.13.2303 - Info Disclosure
CVSS 5.3
CVE-2018-10106 CRITICAL
D-Link DIR-815 REV. B - Privilege Escalation/Info Disclosure
CVSS 9.8
CVE-2018-1000169 MEDIUM
Jenkins < 2.105, < 2.107.1, < 2.107.2 - Unauthenticated Sensitive Information Exposure via CLI Command
CVSS 5.3
CVE-2018-10082 MEDIUM
CMS Made Simple < 2.2.7 - Physical Path Leakage via Invalid Page Parameter or Direct Request
CVSS 5.3
CVE-2018-1086 MEDIUM
Pacemaker Command Line Interface - Privilege Escalation via Debug Parameter Bypass
CVSS 4.3
CVE-2018-9842 MEDIUM
CyberArk Password Vault < 9.7 - Exposure of Sensitive Information via Logon Message Replay
CVSS 5.3
CVE-2018-0892 MEDIUM
Microsoft Edge - Information Disclosure via Improper Memory Handling
CVSS 4.3
CVE-2018-0018 HIGH
Juniper Junos OS - Information Disclosure via IDP Policy Bypass
CVSS 7.5
CVE-2018-10028 MEDIUM
joyplus-cms 1.6.0 - Info Disclosure
CVSS 5.3
CVE-2018-7930 MEDIUM
Huawei Mate 9 Firmware < MHA-L29B 8.0.0.366(C567) - Unauthorized File Access via NFC Data Transfer
CVSS 5.7
CVE-2018-9922 MEDIUM
icmsdev iCMS < 7.0.7 - Physical Path Leakage via Invalid Nickname Field
CVSS 5.3
CVE-2018-9852 CRITICAL
gxlcms_qy 1.0.0713 - Unauthenticated Sensitive Information Exposure via Home-Hits Request
CVSS 9.8
CVE-2018-9325 HIGH
Etherpad 1.5.0-1.5.7 - Unauthenticated Exposure of Sensitive Information via Pad Export
CVSS 7.5
CVE-2018-7506 HIGH
Moxa MXview < 2.8 - Unauthenticated Exposure of Sensitive Information via HTTP GET Request
CVSS 7.5
CVE-2018-1284 LOW
Apache Hive 0.6.0-2.3.2 - Unauthorized File Content Exposure via XPath UDFs
CVSS 3.7
CVE-2018-1000150 LOW
Jenkins Reverse Proxy Auth Plugin <1.5 - Info Disclosure
CVSS 3.3
CVE-2018-1000148 MEDIUM
Jenkins Copy To Slave Plugin <1.4.4 - Info Disclosure
CVSS 6.5