CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0414 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 - Unauthorized Data Access via AOSP Messaging
CVSS 5.5
CVE-2017-0413 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 - Unauthorized Data Access via AOSP Messaging
CVSS 5.5
CVE-2017-5595 MEDIUM
ZoneMinder < 1.30.0 - Authenticated File Disclosure via Path Parameter
CVSS 5.5
CVE-2017-5550 MEDIUM
Linux Kernel < 4.9.4 - Information Exposure via Pipe Buffer Release Error
CVSS 5.5
CVE-2017-5610 MEDIUM
WordPress < 4.7.1 - Exposure of Sensitive Information via Press This Taxonomy Assignment
CVSS 5.3
CVE-2017-3319 LOW
Oracle MySQL Server <= 5.7.16 - Unauthorized Data Access via X Plugin
CVSS 3.1
CVE-2017-3315 MEDIUM
PeopleSoft Enterprise HCM ePerformance 9.2 - Unauthorized Read Access via Security Subcomponent
CVSS 4.3
CVE-2017-3296 MEDIUM
Oracle Commerce Platform 10.0.3.5 10.2.0.5 11.2.0.2 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 4.3
CVE-2017-3292 MEDIUM
Oracle PeopleSoft Enterprise PeopleTools 8.54-8.55 - Unauthorized Data Access via Integration Broker
CVSS 5.7
CVE-2017-3277 MEDIUM
Oracle Applications Manager 12.1.3 12.2.3-12.2.6 - Unauthorized Data Access via OAM Client
CVSS 4.9
CVE-2017-3255 MEDIUM
Oracle JDeveloper <=12.2.1.2.0 - Unauthenticated Sensitive Information Exposure
CVSS 5.8
CVE-2017-3250 HIGH
Oracle GlassFish Server 2.1.1 3.0.1 3.1.2 - Unauthenticated Exposure of Sensitive Information
CVSS 7.3
CVE-2017-3245 MEDIUM
Oracle FLEXCUBE Direct Banking 12.0.2-12.0.3 - Unauthenticated Exposure of Sensitive Information via Pre-Login
CVSS 4.7
CVE-2017-3240 LOW
Oracle Database Server 12.1.0.2 - Unauthorized Read Access in RDBMS Security
CVSS 3.3
CVE-2017-3239 LOW
Oracle GlassFish Server 3.0.1 and 3.1.2 - Unauthorized Read Access to Sensitive Data
CVSS 3.3
CVE-2017-3231 MEDIUM
Oracle JDK and JRE - Unauthenticated Exposure of Sensitive Information via Networking
CVSS 4.3
CVE-2017-3805 MEDIUM
Cisco IOS and IOx - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2017-3797 MEDIUM
Cisco WebEx Meetings Server - Info Disclosure
CVSS 5.3
CVE-2017-5372 HIGH
SAP NetWeaver AS Java - Unauthenticated Sensitive Information Exposure via MSPRuntimeInterface Functions
CVSS 7.5
CVE-2017-5182 HIGH
Open Enterprise Server - Unauthenticated Arbitrary File Read via Remote Manager URL
CVSS 7.5
CVE-2017-5223 MEDIUM
PHPMailer < 5.2.22 - Unauthenticated Sensitive Information Exposure via msgHTML Image Attachment Handling
CVSS 5.5
CVE-2017-5487 MEDIUM
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
CVSS 5.3
CVE-2017-2584 HIGH
Linux Kernel < 4.9.3 - Use-After-Free and Information Disclosure via Instruction Emulation
CVSS 7.1
CVE-2017-0398 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1 - Information Disclosure in Audioserver
CVSS 5.5
CVE-2017-0402 MEDIUM
Android 4.4.4-7.1 - Information Disclosure in libeffects EffectBundle
CVSS 5.5