CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-17864 LOW
Linux Kernel < 4.14.8 - Pointer Leak via BPF Verifier states_equal Comparison
CVSS 3.3
CVE-2017-1698 MEDIUM
IBM WebSphere Portal <9.0 - Info Disclosure
CVSS 5.3
CVE-2017-13869 MEDIUM
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
CVSS 5.5
CVE-2017-13868 MEDIUM
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
CVSS 5.5
CVE-2017-13865 MEDIUM
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
CVSS 5.5
CVE-2017-13864 MEDIUM
iCloud < 7.2 and iTunes < 12.7.2 - User Tracking via APNs Server Certificate Mishandling
CVSS 5.9
CVE-2017-15328 HIGH
Huawei HG8245H < V300R018C00SPC110 - Unauthenticated Information Exposure via Privilege Verification Bypass
CVSS 7.5
CVE-2017-15321 LOW
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) - Information Exposure via Low Version Transmission Protocol
CVSS 3.7
CVE-2017-17692 HIGH
Samsung Internet Browser 5.4.02.3 - Same Origin Policy Bypass via JavaScript innerHTML Manipulation
CVSS 7.5
CVE-2017-5262 HIGH
Cambium Networks cnPilot <4.3.2-R4 - Info Disclosure
CVSS 8.0
CVE-2017-6094 CRITICAL
Genexis GAPS < 7.2 - Unauthorized Exposure of Sensitive Configuration Data via Forged chk Value
CVSS 9.8
CVE-2017-1596 MEDIUM
IBM Security Guardium 10.0 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2017-1595 MEDIUM
IBM Security Guardium 10.0 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2017-1423 MEDIUM
IBM WebSphere Portal 8.5-9.0 - Exposure of Sensitive Backend Server URLs
CVSS 5.3
CVE-2017-1261 LOW
IBM Security Guardium 10.0 - Exposure of Sensitive Information in Log Files
CVSS 3.3
CVE-2017-1257 MEDIUM
IBM Security Guardium 10.0 - Exposure of Sensitive Information
CVSS 4.3
CVE-2017-17476 HIGH
OTRS 4.0.x < 4.0.28, 5.0.x < 5.0.26, 6.0.x < 6.0.3 - Session Hijacking via Crafted Email
CVSS 8.8
CVE-2017-16589 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-16588 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-16584 MEDIUM
Foxit Reader 8.3.2.25013 - Info Disclosure
CVSS 6.5
CVE-2017-16580 MEDIUM
Foxit Reader 8.3.2.25013 - Info Disclosure
CVSS 6.5
CVE-2017-16579 MEDIUM
Foxit Reader 8.3.2.25013 - Info Disclosure
CVSS 6.5
CVE-2017-16574 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-16573 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-14822 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5