CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-9526 MEDIUM
Libgcrypt < 1.7.7 - EdDSA Long-Term Secret Key Exposure via Session Key Leak
CVSS 5.9
CVE-2017-2180 MEDIUM
AppGoat Web App <V3.0.2 - Info Disclosure
CVSS 4.3
CVE-2017-2165 MEDIUM
GroupSession <4.6.4 - Info Disclosure
CVSS 6.5
CVE-2017-1125 LOW
IBM Cognos Analytics <10.3 - Info Disclosure
CVSS 3.3
CVE-2017-7313 HIGH
Personify360 e-Business <7.6.1 - Info Disclosure
CVSS 7.5
CVE-2017-8840 MEDIUM
Peplink Balance Firmware - Unauthenticated Sensitive Information Exposure via HASync Debug Endpoint
CVSS 5.3
CVE-2017-8441 MEDIUM
Elastic X-Pack Security < 5.4.1 and 5.3.3 - Unauthorized Data Access via Index Alias
CVSS 4.3
CVE-2017-2309 MEDIUM
Juniper Networks Junos Space <16.1R1 - Info Disclosure
CVSS 5.9
CVE-2017-2304 HIGH
Juniper Networks - Memory Corruption
CVSS 7.5
CVE-2017-7338 HIGH
Fortinet FortiPortal <4.0.0 - Info Disclosure
CVSS 7.5
CVE-2017-1292 MEDIUM
IBM Maximo Asset Management 7.5-7.6 - Exposure of Sensitive Information via Error Messages
CVSS 5.3
CVE-2017-7439 HIGH
NetApp OnCommand Unified Manager Core Package 5.x - Exposure of Sensitive Information via Error Messages
CVSS 7.5
CVE-2017-9150 MEDIUM
Linux kernel <4.11.1 - Info Disclosure
CVSS 5.5
CVE-2017-9149 HIGH
Metadata Anonymisation Toolkit (MAT) <0.7 - Info Disclosure
CVSS 7.5
CVE-2017-6987 MEDIUM
Apple <10.3.2, <10.12.5, <10.2.1, <3.2.2 - Info Disclosure
CVSS 5.5
CVE-2017-2507 MEDIUM
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Kernel Memory Read Restriction Bypass
CVSS 5.5
CVE-2017-6647 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Sensitive Information Exposure via HTTP Requests
CVSS 5.3
CVE-2017-6646 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Exposure of Sensitive Order Information via HTTP Request
CVSS 5.3
CVE-2017-6645 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Sensitive Information Exposure via HTTP Request
CVSS 5.3
CVE-2017-6644 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Exposure of Sensitive Information via HTTP Requests
CVSS 5.3
CVE-2017-6643 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Sensitive Information Exposure via HTTP Request
CVSS 5.3
CVE-2017-6642 MEDIUM
Cisco Remote Expert Manager 11.0.0 - Unauthenticated Sensitive Information Exposure via HTTP Requests
CVSS 5.3
CVE-2017-9134 HIGH
Mimosa Client Radios <2.2.3 - Info Disclosure
CVSS 7.5
CVE-2017-6621 HIGH
Cisco Prime Collaboration Provisioning 10.6-11.5 - Unauthenticated Sensitive Information Exposure via HTTP Request
CVSS 7.5
CVE-2017-4017 MEDIUM
McAfee Network Data Loss Prevention < 9.3.0 - User Name Disclosure via Appliance Web Interface
CVSS 5.3