CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-12884 HIGH
Open-Xchange Appsuite < 7.8.4 - Information Disclosure
CVSS 7.5
CVE-2017-7510 HIGH
ovirt-engine 4.1 - Insufficiently Protected Credentials via REST Interface
CVSS 8.8
CVE-2017-1177 MEDIUM
IBM BigFix Compliance <1.9.91 - Info Disclosure
CVSS 5.3
CVE-2017-18332 MEDIUM
Qualcomm Snapdragon Firmware - Unauthorized Exposure of Security Keys via WCDMA Call Configuration
CVSS 5.5
CVE-2017-18326 MEDIUM
Qualcomm Snapdragon Mobile and Wear Firmware - Exposure of Sensitive Cryptographic Keys in Modem Debug Messages
CVSS 5.5
CVE-2017-18324 MEDIUM
Qualcomm Snapdragon Mobile and Wear Firmware - Cryptographic Key Material Exposure via GERAN Debug Messages
CVSS 5.5
CVE-2017-18322 MEDIUM
Qualcomm Snapdragon Mobile and Wear Firmware - Cryptographic Key Material Exposure via WCDMA Debug Messages
CVSS 5.5
CVE-2017-18321 MEDIUM
Qualcomm MDM9650, MDM9655, SD 835, SDA660 Firmware - Exposure of Sensitive Session Keys
CVSS 5.5
CVE-2017-15031 HIGH
ARM Trusted Firmware <= 1.4 - Secure World Timing Information Leak via PMCR_EL0 Register
CVSS 7.5
CVE-2017-1272 LOW
IBM Security Guardium 10.0-10.5 - Exposure of Sensitive Information via URL Parameters
CVSS 3.7
CVE-2017-18355 HIGH
Rendertron 1.0.0 - Exposure of Sensitive Information via node_modules Package Paths
CVSS 7.5
CVE-2017-1119 MEDIUM
IBM Marketing Operations <10.1 - Info Disclosure
CVSS 4.3
CVE-2017-18300 MEDIUM
Qualcomm Mdm9206 Firmware - Information Disclosure
CVSS 5.5
CVE-2017-5658 MEDIUM
Apache Pony Mail 0.7-0.9 - Unauthenticated Exposure of Sensitive Information via Statistics Generator
CVSS 5.3
CVE-2017-14443 MEDIUM
Insteon Hub <1012 - Info Disclosure
CVSS 6.5
CVE-2017-16639 MEDIUM
Tor Browser < 8.0 - Deanonymization via SMB Traffic Leak
CVSS 4.3
CVE-2017-1679 MEDIUM
IBM OpenPages GRC <8.0 - Info Disclosure
CVSS 5.5
CVE-2017-15139 HIGH
OpenStack Cinder <= Queens - Exposure of Sensitive Information via ScaleIO Thin Volume Zero Padding
CVSS 7.5
CVE-2017-18345 CRITICAL
joomanager < 2.0.0 - Unauthenticated Arbitrary File Download via configuration.php Path Parameter
CVSS 9.8
CVE-2017-1732 MEDIUM
IBM Security Access Manager 8.2.2 - Sensitive Information Exposure via Insecure Cookie Transmission
CVSS 4.3
CVE-2017-15138 MEDIUM
OpenShift Container Platform - Unauthorized Exposure of Webhook Tokens
CVSS 5.0
CVE-2017-1286 MEDIUM
IBM UrbanCode Deploy 6.1-6.9.6.0 - Exposure of Sensitive Configuration Information
CVSS 6.5
CVE-2017-2654 LOW
Jenkins Email Extension < 2.57.1 - Information Exposure via Dynamic Recipient List
CVSS 3.7
CVE-2017-9000 CRITICAL
ArubaOS Unauthenticated Arbitrary File Access
CVSS 9.8
CVE-2017-1412 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2-5.2.3.2 - Information Disclosure via Error Message
CVSS 4.3