CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-2969 MEDIUM
IBM Sametime 8.5.2-9.0.1 - Unauthorized Exposure of Sensitive Email Information
CVSS 4.3
CVE-2016-2970 MEDIUM
IBM Sametime 8.5-9.0 - Information Disclosure via Error Message
CVSS 4.3
CVE-2016-6311 MEDIUM
JBoss Enterprise Application Platform 7 - Exposure of Sensitive Information via GET Requests
CVSS 5.3
CVE-2016-6310 MEDIUM
oVirt Engine <4.0 - Info Disclosure
CVSS 5.5
CVE-2016-5858 MEDIUM
Qualcomm Products - Info Disclosure
CVSS 4.7
CVE-2016-5855 MEDIUM
Qualcomm MSM and QRD Android - Exposure of Sensitive Information via Buffer Casting
CVSS 4.7
CVE-2016-5854 MEDIUM
Qualcomm Products - Info Disclosure
CVSS 4.7
CVE-2016-5347 MEDIUM
Google Android - Information Disclosure
CVSS 4.7
CVE-2016-6029 MEDIUM
IBM Emptoris Strategic Supply Management Platform <10.1 - Info Disc...
CVSS 5.9
CVE-2016-6220 HIGH
Trend Micro Control Manager SP3 6.0 - Info Disclosure
CVSS 7.5
CVE-2016-6018 MEDIUM
IBM Emptoris Contract Management <10.2 - Info Disclosure
CVSS 4.3
CVE-2016-8964 CRITICAL
IBM BigFix Inventory <9.2 - Info Disclosure
CVSS 9.8
CVE-2016-9700 MEDIUM
IBM Rational Collaborative Lifecycle Management - Sensitive Information Exposure via Error Messages
CVSS 4.3
CVE-2016-0238 LOW
IBM Security Guardium <10.2 - Info Disclosure
CVSS 3.7
CVE-2016-5045 HIGH
NetApp OnCommand System Manager - Exposure of Sensitive Credentials via Cluster Peering Setup
CVSS 8.1
CVE-2016-6083 MEDIUM
IBM Tivoli Monitoring V6 - Info Disclosure
CVSS 5.3
CVE-2016-5893 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 - Info Disclosure
CVSS 5.5
CVE-2016-9983 MEDIUM
IBM Sterling B2B Integrator 5.2 - Authenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2016-9982 MEDIUM
IBM Sterling B2B Integrator 5.2 - Authenticated Sensitive Information Exposure via Improper Access Control
CVSS 6.5
CVE-2016-10362 MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
CVSS 6.5
CVE-2016-1000221 HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
CVSS 7.5
CVE-2016-10339 HIGH
Android - Unauthorized Exposure of Sensitive Information via Secure Memory Overwrite
CVSS 7.1
CVE-2016-3696 MEDIUM
Pulp <2.8.5 - Info Disclosure
CVSS 5.5
CVE-2016-7832 MEDIUM
Cybozu Dezie 8.0.0-8.1.1 - Unauthenticated Arbitrary File Read via DBM File Access Bypass
CVSS 5.3
CVE-2016-7814 HIGH
I-O DATA TS-WRLP and TS-WRLA <= 1.00.01 - Exposure of Sensitive Information
CVSS 7.5
Details
Vulnerabilities 10,178
Exploit Likelihood High