CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-10785 MEDIUM
cPanel 11.54.0.0-11.54.0.32 - Unauthorized File Content Exposure during File Copy Operations
CVSS 6.5
CVE-2016-10815 MEDIUM
cPanel 11.50.0.4-11.50.6.2 - Unauthenticated Arbitrary File Read via Branding APIs
CVSS 6.5
CVE-2016-10844 MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Exposure of Sensitive Information via chcpass Script
CVSS 6.5
CVE-2016-7404 CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
CVSS 9.8
CVE-2016-1600 HIGH
NetIQ Identity Manager <4.6 - Info Disclosure
CVSS 7.5
CVE-2016-10740 MEDIUM
Atlassian Crowd < 2.10.1 - Authenticated LDAP Password Exposure via Admin Resource Access
CVSS 4.9
CVE-2016-4644 MEDIUM
Apple tvOS < 9.2.2, iOS < 9.3.3, macOS 10.11.0-10.11.5 - Keychain Credential Exposure via HTTP Auth Downgrade
CVSS 6.5
CVE-2016-4643 MEDIUM
Apple tvOS < 9.2.2, iOS < 9.3.3, and macOS 10.11.0-10.11.5 - Unauthorized Information Exposure via 407 Response Parsing
CVSS 6.5
CVE-2016-0715 MEDIUM
Pivotal Cloud Foundry Elastic Runtime <1.4.0-1.6.11 - Info Disclosure
CVSS 5.9
CVE-2016-7047 MEDIUM
CloudForms Management Engine 5.6-5.6.3.0 - Exposure of Sensitive Information via MiqReportResults API
CVSS 4.3
CVE-2016-7061 LOW
JBoss Enterprise Application Platform < 7.0.4 - Sensitive Information Exposure to Monitor Role
CVSS 3.5
CVE-2016-7078 MEDIUM
Foreman < 1.15.0 - Improper Authorization in Organizations and Locations Feature
CVSS 4.3
CVE-2016-7077 MEDIUM
Foreman < 1.14.0 - Unauthenticated Information Disclosure via Form Helper
CVSS 4.3
CVE-2016-0205 LOW
IBM Cloud Orchestrator <2.4.0.1 - Privilege Escalation
CVSS 3.3
CVE-2016-8637 MEDIUM
dracut < 045 - Local Information Disclosure via World-Readable Initramfs Files
CVSS 5.0
CVE-2016-5649 CRITICAL
Netgear DGN2200-V1.0.0.50_7.0.50 & DGND3700-V1.0.0.17_1.0.17 - Info...
CVSS 9.8
CVE-2016-5638 HIGH
Netgear WNDR4500 V1.0.1.40_1.0.6877 - Info Disclosure
CVSS 7.5
CVE-2016-10727 CRITICAL
Canonical Ubuntu Linux < 3.21.2 - Information Disclosure
CVSS 9.8
CVE-2016-9499 MEDIUM
Accellion FTP Server < FTA_9_12_220 - Username Enumeration via Invalid Login Response
CVSS 5.3
CVE-2016-9491 MEDIUM
ManageEngine Applications Manager 12-13 < 13690 - Authenticated XML External Entity Injection
CVSS 4.9
CVE-2016-6548 CRITICAL
nutspace nut_mobile - Unauthenticated Exposure of Sensitive Information via HTTP Session Token Transmission
CVSS 9.8
CVE-2016-6547 HIGH
nutspace nut_mobile - Cleartext Password Storage in cache.db
CVSS 7.8
CVE-2016-6546 HIGH
iTrack Easy - Info Disclosure
CVSS 7.8
CVE-2016-6542 LOW
iTrackEasy - Improper Input Validation in Device Tracking ID
CVSS 3.7
CVE-2016-0708 MEDIUM
Cloud Foundry v166-v227 - Info Disclosure
CVSS 5.9