CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-6080 MEDIUM
WebSphere Message Broker - Info Disclosure
CVSS 5.3
CVE-2016-6034 MEDIUM
IBM Tivoli Storage Manager - Info Disclosure
CVSS 6.8
CVE-2016-5994 MEDIUM
IBM InfoSphere Information Server - Info Disclosure
CVSS 6.5
CVE-2016-5988 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance - Info D...
CVSS 6.5
CVE-2016-5966 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance - Info D...
CVSS 5.9
CVE-2016-5958 HIGH
IBM Security Privileged Identity Manager - Info Disclosure
CVSS 7.5
CVE-2016-5896 MEDIUM
IBM Maximo Asset Management - Info Disclosure
CVSS 5.3
CVE-2016-3045 LOW
IBM Security Access Manager for Web - Exposure of Sensitive Information via URL Parameters
CVSS 3.7
CVE-2016-3043 MEDIUM
IBM Security Access Manager - Exposure of Sensitive Information via Missing HTTP Strict Transport Security
CVSS 5.9
CVE-2016-3035 MEDIUM
IBM AppScan Source - Exposure of Sensitive Information via Testlinks
CVSS 5.3
CVE-2016-3024 MEDIUM
IBM Security Access Manager for Web 8.0 - Unauthorized Exposure of Sensitive Information via Local Web Page Storage
CVSS 4.0
CVE-2016-3023 MEDIUM
IBM Security Access Manager for Web 7.0 - Unauthenticated Exposure of Sensitive Information via Invalid File Names
CVSS 5.3
CVE-2016-3021 LOW
IBM Security Access Manager for Web 7.0 - Authenticated Sensitive Information Exposure via Error Message
CVSS 2.7
CVE-2016-2987 MEDIUM
IBM Rational DOORS Next Generation - Exposure of Sensitive Information via Administrative Deployment Parameters
CVSS 4.3
CVE-2016-0297 LOW
IBM Tivoli Endpoint Manager - Info Disclosure
CVSS 3.7
CVE-2016-9418 HIGH
MyBB Merge System < 1.8.8 - Exposure of Sensitive Information via ACP Backup Short Name
CVSS 7.5
CVE-2016-9414 HIGH
MyBB and MyBB Merge System < 1.8.7 - Exposure of Sensitive Information via Unprotected Upload Directory
CVSS 7.5
CVE-2016-9411 MEDIUM
MyBB and MyBB Merge System < 1.8.7 - Unauthenticated Installation Path Exposure via Admin Control Panel Mail Function
CVSS 5.3
CVE-2016-9410 HIGH
MyBB and MyBB Merge System < 1.8.7 - Exposure of Sensitive Database Information via Template Handling
CVSS 7.5
CVE-2016-6329 MEDIUM
OpenVPN < 2.3.14 - Exposure of Sensitive Information via Birthday Attack on 64-bit Block Ciphers
CVSS 5.9
CVE-2016-10181 HIGH
D-Link DWR-932B Firmware - Unauthenticated Exposure of Sensitive Information via qmiweb CfgType Parameter
CVSS 7.5
CVE-2016-10175 CRITICAL
NETGEAR WNR2000v5 Firmware < 1.0.0.34 - Unauthenticated Sensitive Information Exposure via BRS_netgear_success.html
CVSS 9.8
CVE-2016-8322 MEDIUM
Oracle FLEXCUBE <11.5.0 - Info Disclosure
CVSS 4.3
CVE-2016-8313 MEDIUM
Oracle FLEXCUBE <12.0.1 - Info Disclosure
CVSS 4.1
CVE-2016-8305 LOW
Oracle FLEXCUBE <12.2.0 - Physical Access
CVSS 2.1
Details
Vulnerabilities 10,178
Exploit Likelihood High