CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-6793 MEDIUM
Cisco Prime Collaboration Provisioning Tool - Info Disclosure
CVSS 6.5
CVE-2017-12224 MEDIUM
Cisco Meeting Server - Privilege Escalation
CVSS 6.5
CVE-2017-12216 HIGH
Cisco SocialMiner - XML External Entity Injection via Crafted XML File Import
CVSS 8.8
CVE-2017-14156 MEDIUM
Linux kernel <4.12.10 - Info Disclosure
CVSS 5.5
CVE-2017-14140 MEDIUM
Linux kernel <4.12.9 - Info Disclosure
CVSS 5.5
CVE-2017-10793 HIGH
AT&T U-verse Firmware 9.2.2h0d83 - Exposure of Sensitive Information via BDC WAN Service
CVSS 8.1
CVE-2017-14114 MEDIUM
RTPproxy <2.2.alpha.20160822 - Info Disclosure/DoS
CVSS 6.5
CVE-2017-14099 HIGH
Asterisk <11.25.2, <13.17.1, <14.6.1 - Info Disclosure
CVSS 7.5
CVE-2017-14053 HIGH
NetApp OnCommand Unified Manager <7.2P1 - Info Disclosure
CVSS 7.5
CVE-2017-12872 MEDIUM
SimpleSAMLphp < 1.14.11 - Timing Side-Channel Attack via Standard Comparison Operator
CVSS 5.9
CVE-2017-12870 MEDIUM
SimpleSAMLphp < 1.14.12 - Exposure of Sensitive Information via AES Session Identifier Protection
CVSS 5.9
CVE-2017-12734 HIGH
Siemens LOGO! 8 BM < V1.81.2 - Session ID Exposure via Web Server
CVSS 7.5
CVE-2017-13774 HIGH
Hikvision iVMS-4200 < 2.6.2.6 - Exposure of Sensitive Information via Password Recovery
CVSS 7.8
CVE-2017-0379 HIGH
Libgcrypt < 1.8.1 - Exposure of Sensitive Information via Curve25519 Side-Channel Attack
CVSS 7.5
CVE-2017-3154 HIGH
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Exposure of Sensitive Information via Error Stack Trace
CVSS 7.5
CVE-2017-1110 MEDIUM
IBM Curam Social Program Management <7.0 - Privilege Escalation
CVSS 6.5
CVE-2017-9978 MEDIUM
OSNEXUS QuantaStor < 4.3.0 - User Enumeration via Error Message
CVSS 5.3
CVE-2017-12857 HIGH
Polycom Unified Communications Software < 4.0.11 - Authenticated Information Disclosure via Web Application
CVSS 8.8
CVE-2017-13695 MEDIUM
Linux Kernel < 4.12.9 - Information Disclosure via ACPI Table Handling
CVSS 5.5
CVE-2017-13694 MEDIUM
Linux Kernel < 4.12.9 - Information Disclosure via ACPI Table Handling
CVSS 5.5
CVE-2017-13693 MEDIUM
Linux Kernel < 4.12.9 - Information Disclosure via ACPI Operand Cache
CVSS 5.5
CVE-2017-9512 HIGH
Atlassian Fisheye/Crucible <4.4.1 - Info Disclosure
CVSS 7.5
CVE-2017-13143 HIGH
ImageMagick < 6.9.7-6 and 7.x < 7.0.4-6 - Information Disclosure via Uninitialized Memory in ReadMATImage
CVSS 7.5
CVE-2017-1422 LOW
IBM MaaS360 DTM < 3.81 - Exposure of Sensitive Information via Improper User Rights Verification
CVSS 3.3
CVE-2017-8037 HIGH
Cloud Foundry CAPI-release v1.6.0-v1.38.0 and cf-release v244-v270 - Information Disclosure via Crafted CAPI Request
CVSS 7.5