CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-1241 MEDIUM
IBM Rational Collaborative Lifecycle Management - Exposure of Sensitive Information via Stack Trace Display
CVSS 4.3
CVE-2017-1583 HIGH
IBM Liberty for Java for Bluemix >=3.13 - Exposure of Sensitive Information via MyFaces Error Handling
CVSS 7.5
CVE-2017-1211 LOW
IBM Daeja ViewONE 4.1.5.1 and 5.0.2 - Exposure of Sensitive Information via Logging
CVSS 2.5
CVE-2017-14327 MEDIUM
Extreme EXOS <22.x - Info Disclosure
CVSS 4.4
CVE-2017-7148 LOW
iPhone OS - Unauthorized Location Information Exposure via Location Framework
CVSS 3.3
CVE-2017-7142 MEDIUM
Safari < 10.1.2 - Unauthorized Sensitive Information Exposure via WebKit Storage
CVSS 5.3
CVE-2017-7141 MEDIUM
macOS < 10.12.6 - IP Address Exposure via Mail HTML Email Processing
CVSS 5.3
CVE-2017-7140 MEDIUM
iPhone OS < 10.3.3 - Sensitive Information Exposure via Keyboard Suggestions
CVSS 5.3
CVE-2017-7139 LOW
iPhone OS < 10.3.3 - Sensitive Information Exposure via Phone Component Timing Bug
CVSS 2.4
CVE-2017-7138 LOW
macOS < 10.12.6 - Unauthorized Apple ID Exposure via Directory Utility
CVSS 3.3
CVE-2017-7131 MEDIUM
iPhone OS < 10.3.3 - Unauthorized Contact Card Information Exposure via Bluetooth
CVSS 5.5
CVE-2017-7116 HIGH
iPhone OS < 10.3.3, tvOS < 10.2.2, watchOS < 3.2.3 - Kernel Memory Exposure via Wi-Fi Traffic
CVSS 7.5
CVE-2017-7090 HIGH
Safari < 10.1.2 - Exposure of Sensitive Information via WebKit Same Origin Policy Bypass
CVSS 7.5
CVE-2017-7082 LOW
macOS < 10.12.6 - Unauthorized Application Firewall Prompt Exposure via Screen Lock
CVSS 2.4
CVE-2017-13127 HIGH
VIP.com Mobile App - Unauthenticated Sensitive Information Exposure via Rogue Access Point
CVSS 8.1
CVE-2017-2131 MEDIUM
Panasonic KX-HJB1000 Firmware GHX1YG 14.50 and HJB1000_4.47 - Unauthenticated Exposure of Sensitive Configuration Data
CVSS 5.3
CVE-2017-10422 MEDIUM
Oracle PeopleSoft Enterprise PeopleTools 8.54 - Sensitive Information Exposure via Updates Change Assistant
CVSS 5.9
CVE-2017-10421 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Authenticated Exposure of Sensitive Information via Leisure Subcomponent
CVSS 6.5
CVE-2017-10383 MEDIUM
Oracle Hospitality Guest Access 4.2.0 and 4.2.1 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10373 HIGH
Oracle PeopleSoft Enterprise PT PeopleTools 8.55-8.56 - Sensitive Information Exposure via Health Center
CVSS 7.5
CVE-2017-10351 MEDIUM
PeopleSoft Enterprise PT PeopleTools 8.54-8.56 - Unauthenticated Exposure of Sensitive Information
CVSS 6.2
CVE-2017-10343 MEDIUM
Oracle Hospitality Simphony 2.8-2.9 - Unauthenticated Exposure of Sensitive Information via Import/Export
CVSS 6.5
CVE-2017-10339 MEDIUM
Oracle Hospitality Suite8 8.10.1 and 8.10.2 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.9
CVE-2017-10337 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthorized Data Access and Partial Denial of Service via HTTP
CVSS 5.4
CVE-2017-10335 HIGH
Oracle PeopleSoft Enterprise PT PeopleTools 8.55-8.56 - Sensitive Information Exposure via Elastic Search
CVSS 7.5