CWE-200
High likelihoodExposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,173 vulnerabilities with CWE-200
CVE-2017-10334
MEDIUM
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 - Unauthorized Data Access via Web Container
CVSS 4.3
CVE-2017-10332
HIGH
Oracle Universal Work Queue 12.1.1-12.1.3 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 7.5
CVE-2017-10331
MEDIUM
Oracle Application Object Library 12.1.3, 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10328
HIGH
Oracle Application Object Library 12.1.3 12.2.3-12.2.7 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 7.5
CVE-2017-10324
MEDIUM
Oracle E-Business Suite 12.1.3, 12.2.3-12.2.7 - Sensitive Information Exposure via HTTP
CVSS 5.3
CVE-2017-10319
MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10318
MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information via WebConnect
CVSS 4.7
CVE-2017-10317
MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Unauthenticated Exposure of Sensitive Information
CVSS 4.0
CVE-2017-10316
MEDIUM
Oracle Hospitality Suite8 8.10.1-8.10.2 - Authenticated Exposure of Sensitive Information via WebConnect
CVSS 6.5
CVE-2017-10310
HIGH
Oracle Hyperion Financial Reporting 11.1.2 - Unauthenticated Exposure of Sensitive Information via Security Models
CVSS 7.5
CVE-2017-10300
MEDIUM
Oracle Siebel CRM Desktop 16.0 and 17.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10299
MEDIUM
Oracle Agile PLM 9.3.5-9.3.6 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 4.3
CVE-2017-10287
MEDIUM
PeopleSoft Enterprise SCM Strategic Sourcing 9.2 - Unauthorized Data Access via HTTP
CVSS 4.3
CVE-2017-10280
MEDIUM
PeopleSoft Enterprise PeopleTools 8.54-8.56 - Authenticated Exposure of Sensitive Information via Test Framework
CVSS 6.5
CVE-2017-10261
MEDIUM
Oracle Database 11.2.0.4 and 12.1.0.2 - Unauthorized Data Access in XML Database
CVSS 6.5
CVE-2017-10259
HIGH
Oracle Access Manager 11.1.2.3.0 - Unauthenticated Exposure of Sensitive Information via Web Server Plugin
CVSS 7.5
CVE-2017-10197
MEDIUM
Oracle Hospitality OPERA 5 Property Services 5.4.2.x-5.5.1.x - Sensitive Information Exposure
CVSS 4.6
CVE-2017-10194
LOW
Oracle Integrated Lights Out Manager Firmware < 3.2.6 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 2.7
CVE-2017-10164
MEDIUM
PeopleSoft Enterprise FSCM 9.2 - Unauthorized Data Access via Staffing Front Office
CVSS 4.3
CVE-2017-10154
MEDIUM
Oracle Access Manager 11.1.2.3.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2017-10152
MEDIUM
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Authenticated Exposure of Sensitive Information via HTTP
CVSS 6.5
CVE-2017-10037
HIGH
Oracle Fusion Middleware - Unauthenticated RCE
CVSS 7.5
CVE-2017-15610
MEDIUM
Octopus Deploy < 3.17.6 - Unauthenticated Exposure of Sensitive Information via Guest Account Certificate Export
CVSS 6.5
CVE-2017-12289
MEDIUM
Cisco IOS XE - Authenticated Sensitive IPsec Information Exposure via Debug Logging
CVSS 4.4
CVE-2017-12284
MEDIUM
Cisco Jabber for Windows Client - Info Disclosure
CVSS 5.5
Details
Vulnerabilities
10,173
Exploit Likelihood
High