CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-11927 MEDIUM
Windows Information Disclosure via its:// Protocol Handler
CVSS 6.5
CVE-2017-11919 MEDIUM
Microsoft <10.0.1511-10.0.1709 - Info Disclosure
CVSS 5.3
CVE-2017-11906 MEDIUM
Internet Explorer - Info Disclosure
CVSS 5.3
CVE-2017-11887 MEDIUM
Internet Explorer - Info Disclosure
CVSS 5.3
CVE-2017-16687 MEDIUM
SAP HANA Database 1.00, 2.00 - Unauthenticated User Enumeration via Error Messages
CVSS 5.3
CVE-2017-8865 MEDIUM
CogniToys Dino Firmware < 0.0.794 - Unauthenticated VoIP Traffic Replay
CVSS 5.9
CVE-2017-1613 MEDIUM
IBM Connections 6.0 - Info Disclosure
CVSS 5.3
CVE-2017-1507 MEDIUM
IBM Rational Quality Manager - Exposure of Sensitive Information
CVSS 4.3
CVE-2017-3111 HIGH
Adobe Experience Manager 6.0-6.3 - Sensitive Token Exposure via HTTP GET Requests
CVSS 7.5
CVE-2017-16369 MEDIUM
Adobe Acrobat <2017.012.20098 - SSRF
CVSS 6.5
CVE-2017-11273 MEDIUM
Adobe Digital Editions <= 4.5.6 - Sensitive Information Exposure via XML Parsing
CVSS 5.5
CVE-2017-16854 MEDIUM
OTRS <3.3.20-6.0.1 - Info Disclosure
CVSS 6.5
CVE-2017-17463 HIGH
vivo modem_firmware - Unauthenticated Sensitive Information Exposure via index.cgi HTML Source
CVSS 7.5
CVE-2017-1000410 HIGH
Linux kernel <3.3-rc1 - Info Disclosure
CVSS 7.5
CVE-2017-3738 MEDIUM
AVX2 Montgomery multiplication - Buffer Overflow
CVSS 5.9
CVE-2017-1497 LOW
IBM Sterling File Gateway 2.2 - Unauthorized File Access via Directory Path
CVSS 3.7
CVE-2017-1487 MEDIUM
IBM Sterling File Gateway 2.2 - Authenticated Exposure of Sensitive Information
CVSS 6.5
CVE-2017-1481 MEDIUM
IBM Sterling B2B Integrator 5.2 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 4.3
CVE-2017-1355 LOW
IBM Atlas eDiscovery Process Management 6.0.3 - Info Disclosure
CVSS 3.7
CVE-2017-1353 LOW
IBM Atlas eDiscovery Process Management 6.0.3 - Info Disclosure
CVSS 3.5
CVE-2017-1342 MEDIUM
IBM Insights Foundation for Energy <2.0 - Info Disclosure
CVSS 4.3
CVE-2017-17449 MEDIUM
Linux Kernel < 4.14.4 - Sensitive Information Exposure via Netlink Namespace Bypass
CVSS 4.7
CVE-2017-17068 HIGH
auth0.js < 8.12 - Unauthenticated Exposure of Sensitive Information via Popup Callback
CVSS 7.5
CVE-2017-13175 HIGH
Android - Information Disclosure in NVIDIA libwilhelm
CVSS 7.5
CVE-2017-13169 HIGH
Android Kernel - Information Disclosure in Camera Server
CVSS 7.5
Details
Vulnerabilities 10,172
Exploit Likelihood High