CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-10334 MEDIUM
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 - Unauthorized Data Access via Web Container
CVSS 4.3
CVE-2017-10332 HIGH
Oracle Universal Work Queue 12.1.1-12.1.3, 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 7.5
CVE-2017-10331 MEDIUM
Oracle Application Object Library 12.1.3, 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10328 HIGH
Oracle Application Object Library 12.1.3, 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 7.5
CVE-2017-10324 MEDIUM
Oracle E-Business Suite 12.1.3, 12.2.3-12.2.7 - Sensitive Information Exposure via HTTP
CVSS 5.3
CVE-2017-10319 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10318 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information via WebConnect
CVSS 4.7
CVE-2017-10317 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information
CVSS 4.0
CVE-2017-10316 MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Authenticated Exposure of Sensitive Information via WebConnect
CVSS 6.5
CVE-2017-10310 HIGH
Oracle Hyperion Financial Reporting 11.1.2 - Unauthenticated Exposure of Sensitive Information via Security Models
CVSS 7.5
CVE-2017-10300 MEDIUM
Oracle Siebel CRM Desktop 16.0 and 17.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10299 MEDIUM
Oracle Agile PLM 9.3.5-9.3.6 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 4.3
CVE-2017-10287 MEDIUM
PeopleSoft Enterprise SCM Strategic Sourcing 9.2 - Unauthorized Data Access via HTTP
CVSS 4.3
CVE-2017-10280 MEDIUM
PeopleSoft Enterprise PeopleTools 8.54-8.56 - Authenticated Exposure of Sensitive Information via Test Framework
CVSS 6.5
CVE-2017-10261 MEDIUM
Oracle Database 11.2.0.4 and 12.1.0.2 - Unauthorized Data Access in XML Database
CVSS 6.5
CVE-2017-10259 HIGH
Oracle Access Manager 11.1.2.3.0 - Unauthenticated Exposure of Sensitive Information via Web Server Plugin
CVSS 7.5
CVE-2017-10197 MEDIUM
Oracle Hospitality OPERA 5 Property Services 5.4.2.x-5.5.1.x - Sensitive Information Exposure
CVSS 4.6
CVE-2017-10194 LOW
Oracle Integrated Lights Out Manager Firmware < 3.2.6 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 2.7
CVE-2017-10164 MEDIUM
PeopleSoft Enterprise FSCM 9.2 - Unauthorized Data Access via Staffing Front Office
CVSS 4.3
CVE-2017-10154 MEDIUM
Oracle Access Manager 11.1.2.3.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10152 MEDIUM
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 6.5
CVE-2017-10037 HIGH
Oracle Fusion Middleware - Unauthenticated RCE
CVSS 7.5
CVE-2017-15610 MEDIUM
Octopus Deploy < 3.17.6 - Unauthenticated Exposure of Sensitive Information via Guest Account Certificate Export
CVSS 6.5
CVE-2017-12289 MEDIUM
Cisco IOS XE - Authenticated Sensitive IPsec Information Exposure via Debug Logging
CVSS 4.4
CVE-2017-12284 MEDIUM
Cisco Jabber for Windows Client - Info Disclosure
CVSS 5.5