CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-1409 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2-5.2.3.2 - Exposure of Sensitive Information
CVSS 5.3
CVE-2017-2651 LOW
Jenkins Mailer < 1.20 - Information Disclosure via Dynamic User List Feature
CVSS 3.7
CVE-2017-2624 MEDIUM
x.org x_server < 1.19.4 - Covert Timing Channel via MIT Cookie memcmp Comparison
CVSS 5.9
CVE-2017-12173 MEDIUM
Red Hat Enterprise Linux - Information Disclosure via SSSD Local Cache Injection
CVSS 4.3
CVE-2017-2622 MEDIUM
OpenStack Workflow - Info Disclosure
CVSS 5.9
CVE-2017-2582 MEDIUM
Keycloak < 2.5.1 - Information Disclosure via SAML Request ID Field
CVSS 6.5
CVE-2017-12167 MEDIUM
JBoss Enterprise Application Platform < 7.0.9 - Unauthorized Exposure of Sensitive User and Role Information
CVSS 5.5
CVE-2017-12163 MEDIUM
Samba <4.4.16-4.6.8 - Info Disclosure
CVSS 4.1
CVE-2017-7526 MEDIUM
libgcrypt <1.7.8 - Cache Side Channel
CVSS 6.1
CVE-2017-18104 MEDIUM
Atlassian Jira <7.6.7 and 7.7.0-7.11.0 - Exposure of Sensitive Information via Webhooks
CVSS 5.9
CVE-2017-1633 MEDIUM
IBM Sterling B2B Integrator <5.2.6 - Info Disclosure
CVSS 4.3
CVE-2017-1544 LOW
IBM Sterling File Gateway 2.2.0-2.2.6 - Exposure of Sensitive Information via Browser Caching
CVSS 2.4
CVE-2017-1395 MEDIUM
IBM Security Identity Governance And Intelligence < 5.2.3.2 - Information Disclosure
CVSS 5.9
CVE-2017-1367 LOW
IBM Security Identity Governance And Intelligence < 5.2.3.2 - Information Disclosure
CVSS 3.7
CVE-2017-14709 HIGH
Komoot - Cycling & Hiking Maps <9.3.2 - XSS
CVSS 7.4
CVE-2017-15851 HIGH
Android - Exposure of Sensitive Information via msm_ois_subdev_do_ioctl Function
CVSS 7.8
CVE-2017-1559 LOW
IBM Rational Collaborative Lifecycle Management 6.0.0-6.0.5 - Exposure of Sensitive Information via Intercepted Requests
CVSS 3.1
CVE-2017-1509 MEDIUM
IBM Rational Collaborative Lifecycle Management 6.0.0-6.0.5 - Sensitive Information Exposure via Stack Trace
CVSS 4.3
CVE-2017-1488 LOW
IBM Rational Collaborative Lifecycle Management 6.0.0-6.0.5 - Exposure of Sensitive Information
CVSS 3.7
CVE-2017-1239 MEDIUM
IBM Rational Quality Manager 5.0-5.0.1 and 6.0-6.0.5 - Information Exposure via HTTP 500 Error Response
CVSS 4.3
CVE-2017-7568 MEDIUM
NetApp OnCommand Unified Manager for 7-Mode <5.2.3 - Info Disclosure
CVSS 5.3
CVE-2017-7847 MEDIUM
Debian Linux < 52.5.2 - Information Disclosure
CVSS 4.3
CVE-2017-7844 MEDIUM
Firefox < 57.0.1 - Unauthorized History Query via SVG Image and Anchor Link Coloring
CVSS 6.5
CVE-2017-7843 HIGH
Red Hat Enterprise Linux Server < 57.0.1 - Information Disclosure
CVSS 7.5
CVE-2017-7842 MEDIUM
Firefox < 57 - Referrer Policy Bypass via Link Element Request
CVSS 5.3