CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-9736 MEDIUM
IBM WebSphere Application Server - Exposure of Sensitive Information via Malformed SOAP Request
CVSS 5.3
CVE-2016-8987 MEDIUM
IBM Maximo Asset Mgmt <7.6 - Info Disclosure
CVSS 4.3
CVE-2016-5416 HIGH
Red Hat Enterprise Linux 6-7 - Unauthenticated Exposure of Sensitive Information via 389 Directory Server
CVSS 7.5
CVE-2016-4992 HIGH
Redhat Enterprise Linux Desktop - Information Disclosure
CVSS 7.5
CVE-2016-3095 MEDIUM
Fedora < 2.8.1 - Information Disclosure
CVSS 5.5
CVE-2016-3111 MEDIUM
pulp < 2.8.2-1 - Exposure of Sensitive Information via World-Readable RSA Key Directory
CVSS 5.5
CVE-2016-9710 MEDIUM
IBM Cognos Business Intelligence - Exposure of Sensitive Information via Arbitrary File Inclusion
CVSS 5.3
CVE-2016-8939 MEDIUM
IBM Tivoli Storage Manager - Info Disclosure
CVSS 5.5
CVE-2016-5960 MEDIUM
IBM Security Privileged Identity Manager <2.1.0 - Info Disclosure
CVSS 5.5
CVE-2016-5959 MEDIUM
IBM Security Privileged Identity Manager <2.1.0 - Info Disclosure
CVSS 5.3
CVE-2016-3066 MEDIUM
spice-gtk - Authenticated Exposure of Sensitive Information via Host Clipboard
CVSS 6.5
CVE-2016-8230 HIGH
Lenovo Service Bridge <4 - Info Disclosure
CVSS 7.5
CVE-2016-7977 MEDIUM
Ghostscript < 9.20 - Arbitrary File Read via .libfile Operator
CVSS 5.5
CVE-2016-10073 HIGH
Vanilla Forums <2.3.1 - Info Disclosure
CVSS 7.5
CVE-2016-9735 MEDIUM
IBM Rational Collaborative Lifecycle Management - Authenticated Sensitive Information Exposure via Stack Trace
CVSS 4.3
CVE-2016-8741 HIGH
Apache Qpid Broker for Java <6.0.6, <6.1.1 - Info Disclosure
CVSS 7.5
CVE-2016-4839 MEDIUM
Money Forward Android Apps - Exposure of Sensitive Information via WebView Implementation
CVSS 5.5
CVE-2016-10296 MEDIUM
Linux Kernel - Information Disclosure via Qualcomm Shared Memory Driver
CVSS 4.7
CVE-2016-10295 MEDIUM
Linux Kernel - Information Disclosure in Qualcomm LED Driver
CVSS 4.7
CVE-2016-10294 MEDIUM
Linux Kernel - Information Disclosure in Qualcomm Power Driver
CVSS 4.7
CVE-2016-10293 MEDIUM
Linux Kernel - Information Disclosure in Qualcomm Video Driver
CVSS 4.7
CVE-2016-8916 MEDIUM
IBM Tivoli Storage Manager <7.1 - Info Disclosure
CVSS 5.5
CVE-2016-0382 MEDIUM
IBM Tealeaf Consumer Experience <9.0 - Info Disclosure
CVSS 4.0
CVE-2016-5810 MEDIUM
Advantech WebAccess <8.1_20160519 - Info Disclosure
CVSS 4.9
CVE-2016-5006 CRITICAL
Cloud Foundry < 238.0 and Elastic Runtime < 1.6.32 - Exposure of Sensitive Information via Service Object Logging
CVSS 9.8
Details
Vulnerabilities 10,178
Exploit Likelihood High