CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-0286 HIGH
IBM Tivoli Business Service Manager <6.1.0-TIV-BSM-FP0004, <6.1.1-T...
CVSS 8.8
CVE-2016-0275 LOW
IBM Financial Transaction Manager 2.1.1.2/3.0.0.x < fp0013 - Sensitive Info Exposure via Cacheable HTTPS
CVSS 3.3
CVE-2016-0299 MEDIUM
IBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.3, <3.5.0.1 - Inf...
CVSS 5.3
CVE-2016-0367 MEDIUM
IBM Security Identity Manager Virtual Appliance <7.0.1.3 - Info Dis...
CVSS 4.3
CVE-2016-0366 LOW
IBM Security Identity Manager Virtual Appliance <7.0.1.3 - Info Dis...
CVSS 3.7
CVE-2016-0351 LOW
IBM Security Identity Manager Virtual Appliance <7.0.1.3-ISS-SIM-IF...
CVSS 3.7
CVE-2016-0345 MEDIUM
IBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.3, <3.5.0.1 - Inf...
CVSS 4.3
CVE-2016-0343 MEDIUM
IBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.3, <3.5.0.1 - Inf...
CVSS 4.3
CVE-2016-8531 MEDIUM
HPE Matrix Operating Environment <7.6 - Info Disclosure
CVSS 5.3
CVE-2016-8525 HIGH
HPE iMC PLAT <7.2 E0403P06 - Info Disclosure
CVSS 7.5
CVE-2016-8514 MEDIUM
HPE Version Control Repository Manager < 7.6 - Exposure of Sensitive Information
CVSS 6.5
CVE-2016-3954 MEDIUM
web2py < 2.14.2 - Unauthenticated Exposure of Sensitive Information via Status Endpoint
CVSS 5.5
CVE-2016-0312 HIGH
IBM TRIRIGA <3.3.2 - Info Disclosure
CVSS 7.5
CVE-2016-10702 MEDIUM
Pebble Firmware < 4.3 - Unauthorized Data Access via UUID Manipulation
CVSS 6.1
CVE-2016-6024 MEDIUM
IBM Rational Quality Manager - Exposure of Sensitive Information via Error Messages
CVSS 4.3
CVE-2016-1265 CRITICAL
Juniper Networks Junos Space <15.1R3 - RCE
CVSS 9.8
CVE-2016-3086 CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
CVSS 9.8
CVE-2016-5001 MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
CVSS 5.5
CVE-2016-2978 LOW
IBM Sametime 8.5.2 and 9.0 - Exposure of Sensitive Information via Browser Cache
CVSS 3.3
CVE-2016-2976 MEDIUM
IBM Sametime 8.5.2, 9.0 - Exposure of Sensitive Information via Meeting Report History
CVSS 4.3
CVE-2016-2974 LOW
IBM Sametime 8.5.2 and 9.0 - Exposure of Sensitive Information via Uninstall Process
CVSS 3.3
CVE-2016-2966 MEDIUM
IBM Sametime 8.5.1 and 9.0 - Authenticated Meeting Room Enumeration via ID Guessing
CVSS 4.3
CVE-2016-2964 MEDIUM
IBM Sametime 8.5.2 and 9.0 - Information Disclosure via Detailed Error Messages
CVSS 5.3
CVE-2016-0358 MEDIUM
IBM Sametime <9.0 - Info Disclosure
CVSS 4.3
CVE-2016-2971 MEDIUM
IBM Sametime 8.5.2 and 9.0 - Exposure of Sensitive Information in Stack Trace Error Logs
CVSS 5.3