CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0289 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0288 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0287 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0286 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0285 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0284 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-0282 MEDIUM
Microsoft Office - Information Disclosure
CVSS 5.0
CVE-2017-4986 MEDIUM
EMC ESRS Virtual Edition <= 3.18 - Authentication Bypass
CVSS 5.3
CVE-2017-0651 MEDIUM
Android Kernel-3.18 - Info Disclosure
CVSS 4.7
CVE-2017-0650 MEDIUM
Android Kernel 3.10/3.18 - Info Disclosure
CVSS 4.7
CVE-2017-0647 MEDIUM
Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure in libziparchive
CVSS 5.5
CVE-2017-0646 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure in Bluetooth Component
CVSS 5.5
CVE-2017-0645 MEDIUM
Android <7.1.2 - Privilege Escalation
CVSS 5.5
CVE-2017-0639 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure in Bluetooth Component
CVSS 5.5
CVE-2017-8239 MEDIUM
Android - Exposure of Sensitive Information via Unsanitized Flash Initialization Parameters
CVSS 5.5
CVE-2017-9605 MEDIUM
Linux kernel <4.11.4 - Info Disclosure
CVSS 5.5
CVE-2017-1099 MEDIUM
IBM Rational Collaborative Lifecycle Management - Exposure of Sensitive Information via Stack Trace Error
CVSS 4.3
CVE-2017-6697 MEDIUM
Cisco Elastic Services Controller 2.2(9.76) - Authenticated Exposure of Sensitive System Credentials
CVSS 6.5
CVE-2017-6696 MEDIUM
Cisco Elastic Services Controller 2.3(2) - Authenticated Exposure of Sensitive User Credentials
CVSS 5.5
CVE-2017-6695 MEDIUM
Cisco Ultra Services Platform - Authenticated Sensitive Information Exposure via ConfD Server
CVSS 5.5
CVE-2017-6691 MEDIUM
Cisco Elastic Services Controller 2.3(2) - Authenticated Exposure of Sensitive Information via ConfD CLI
CVSS 6.5
CVE-2017-6681 HIGH
Cisco Ultra Services Framework 21.0.0.0 - Unauthenticated Relative Path Traversal and Sensitive File Read
CVSS 7.5
CVE-2017-6673 MEDIUM
Cisco Firepower Management Center 6.1.0.2 6.2.0 - Authenticated Exposure of Sensitive Information
CVSS 6.5
CVE-2017-4966 HIGH
Pivotal RabbitMQ <3.6.9 - Info Disclosure
CVSS 7.8
CVE-2017-1214 MEDIUM
IBM iNotes 8.5-9.0 - Exposure of Sensitive Information via Malformed Email
CVSS 5.7
Details
Vulnerabilities 10,178
Exploit Likelihood High