CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-6650 HIGH
EMC RecoverPoint <5.0 - SSL Stripping
CVSS 7.5
CVE-2016-9697 LOW
IBM Rational Rhapsody Design Manager 4.0-6.0 - JSON Hijacking Information Exposure
CVSS 3.1
CVE-2016-9165 HIGH
CA Unified Infrastructure Management <8.5 - Info Disclosure
CVSS 7.5
CVE-2016-2981 MEDIUM
IBM Rational Collaborative Lifecycle Management - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 6.8
CVE-2016-8016 LOW
Intel Security VirusScan Enterprise Linux <2.0.3 - Info Disclosure
CVSS 3.4
CVE-2016-8747 HIGH
Apache Tomcat <9.0.0.M16 - Info Disclosure
CVSS 7.5
CVE-2016-5894 MEDIUM
IBM WebSphere Commerce <8.0 - Info Disclosure
CVSS 5.1
CVE-2016-8483 MEDIUM
Android Kernel 3.10 - Info Disclosure
CVSS 5.5
CVE-2016-8478 MEDIUM
Android Kernel 3.18 - Info Disclosure
CVSS 4.7
CVE-2016-8477 MEDIUM
Android Kernel 3.10/3.18 - Info Disclosure
CVSS 4.7
CVE-2016-8416 MEDIUM
Android Kernel 3.18 - Info Disclosure
CVSS 4.7
CVE-2016-8413 MEDIUM
Android Kernel 3.10/3.18 - Info Disclosure
CVSS 4.7
CVE-2016-9725 MEDIUM
IBM QRadar SIEM - Exposure of Sensitive Information via CORS Misconfiguration
CVSS 5.3
CVE-2016-9720 MEDIUM
IBM QRadar Incident Forensics - Exposure of Sensitive Information
CVSS 5.3
CVE-2016-8940 HIGH
IBM Tivoli Storage Manager <7.1 - SQL Injection
CVSS 8.8
CVE-2016-4950 HIGH
Cloudera Manager < 5.5.0 - Unauthenticated User Session Enumeration via API Endpoint
CVSS 7.5
CVE-2016-4949 HIGH
Cloudera Manager < 5.5.0 - Exposure of Sensitive Information via Log File Parameter
CVSS 7.5
CVE-2016-4947 MEDIUM
Cloudera HUE < 3.9.0 - User Account Enumeration via Autocomplete API
CVSS 5.3
CVE-2016-3127 HIGH
BlackBerry Good Control Server < 2.3.53.62 - Unauthorized Sensitive Information Exposure via Diagnostic Log Files
CVSS 7.5
CVE-2016-7409 MEDIUM
Dropbear SSH < 2016.73 - Exposure of Sensitive Information via Debug Trace Argument
CVSS 5.5
CVE-2016-6883 MEDIUM
MatrixSSL < 3.8.2 - Exposure of Sensitive Information via Bleichenbacher Variant Attack
CVSS 5.9
CVE-2016-6882 MEDIUM
MatrixSSL < 3.8.7 - Exposure of Sensitive Information via Lenstra Side-Channel Attack
CVSS 5.9
CVE-2016-8507 MEDIUM
Yandex Browser for iOS <16.10.0.2357 - Info Disclosure
CVSS 6.5
CVE-2016-4042 MEDIUM
Plone 3.3-5.1a1 - Unauthorized Information Disclosure of Content IDs
CVSS 5.3
CVE-2016-3052 MEDIUM
IBM WebSphere MQ < 8.0.0.5 - Exposure of Sensitive Information via Cleartext Password Transmission
CVSS 5.9