CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-16054 HIGH
nodefabric - Exposure of Sensitive Information via Environment Variable Hijacking
CVSS 7.5
CVE-2017-16053 HIGH
fabric-js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16052 HIGH
node-fabric - Exposure of Sensitive Information via Environment Variable Hijacking
CVSS 7.5
CVE-2017-16051 HIGH
sqliter - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16050 HIGH
sqlite.js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16049 HIGH
nodesqlite - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16048 HIGH
node-sqlite - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16045 HIGH
jquery.js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16044 HIGH
D3.js - Information Disclosure
CVSS 7.5
CVE-2017-16024 MEDIUM
sync-exec < 0.6.2 - Insecure Temporary File
CVSS 6.5
CVE-2017-16007 MEDIUM
node-jose < 0.9.3 - Exposure of Sensitive Information via Invalid Curve Attack
CVSS 5.9
CVE-2017-16062 HIGH
node-tkinter - Exposure of Sensitive Information via Environment Variable Hijacking
CVSS 7.5
CVE-2017-16061 HIGH
tkinter - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16047 HIGH
mysqljs - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-1768 MEDIUM
IBM Security Guardium Big Data Intelligence 3.1 - Exposure of Sensitive Information via Error Message
CVSS 4.3
CVE-2017-14185 MEDIUM
FortiOS 5.2.0-5.2.12, 5.4.0-5.4.8, 5.6.0-5.6.2 - Information Disclosure via SSL-VPN Web Portal
CVSS 5.3
CVE-2017-1752 MEDIUM
IBM UrbanCode Deploy 6.1-6.1.3.7 - Authenticated Exposure of Sensitive Information
CVSS 4.9
CVE-2017-2609 MEDIUM
Jenkins < 2.44 and < 2.32.2 - Unauthorized Information Disclosure via Search Suggestions
CVSS 4.3
CVE-2017-2603 LOW
Jenkins < 2.44 and 2.32.2 - User Data Leak in Disconnected Agents' config.xml API
CVSS 2.6
CVE-2017-2600 MEDIUM
Jenkins < 2.44 and < 2.32.2 - Unauthenticated Information Disclosure via Node Monitor Remote API
CVSS 4.3
CVE-2017-12128 HIGH
Moxa EDR-810 <V4.1 - Info Disclosure
CVSS 7.5
CVE-2017-2606 MEDIUM
Jenkins < 2.44 and < 2.32.2 - Unauthenticated Exposure of Sensitive Item Names via Internal API
CVSS 4.3
CVE-2017-1743 MEDIUM
IBM WebSphere Application Server 7.0-9.0 Sensitive Information Exposure
CVSS 4.3
CVE-2017-1116 MEDIUM
IBM Campaign <10.0 - Info Disclosure
CVSS 4.3
CVE-2017-9284 MEDIUM
NetIQ Identity Manager 4.6-4.6.2.1 - Exposure of Sensitive Information
CVSS 4.8