CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,182 vulnerabilities with CWE-200
CVE-2016-2894 LOW
IBM Spectrum Protect 5.5-6.3 < 6.3.2.6, 6.4 < 6.4.3.3, 7.1 < 7.1.6 - Unauthorized Sensitive Data Exposure via Symlink
CVSS 2.5
CVE-2016-1337 HIGH
Cisco EPC3928 Firmware - Unauthenticated Sensitive Information Exposure via Boot Process Requests
CVSS 8.1
CVE-2016-5739 HIGH
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - CSRF
CVSS 7.5
CVE-2016-5730 MEDIUM
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - Info Disclosure
CVSS 5.3
CVE-2016-2079 MEDIUM
VMware NSX Edge 6.1-6.1.7 and 6.2-6.2.3 and vCNS Edge 5.5-5.5.4.3 - Exposure of Sensitive Information via SSL-VPN
CVSS 5.9
CVE-2016-3956 HIGH
npm <2.15.1,3.x <3.8.3 - Info Disclosure
CVSS 7.5
CVE-2016-2961 MEDIUM
IBM Integration Bus 9-10 and WebSphere Message Broker 8 - Sensitive Information Exposure via Malformed POST Request
CVSS 5.3
CVE-2016-2882 MEDIUM
IBM TRIRIGA 3.3-3.3.2.5, 3.4-3.4.2.3, 3.5-3.5.0.1 - Sensitive Info Exposure via HTTP
CVSS 4.3
CVE-2016-2861 LOW
IBM WebSphere eXtreme Scale Sensitive Information Exposure via Improper Data Encryption
CVSS 3.7
CVE-2016-0365 MEDIUM
IBM UrbanCode Deploy <6.0.1.13, <6.1.3.3, <6.2.1.1 - Auth Bypass
CVSS 5.9
CVE-2016-0364 MEDIUM
IBM UrbanCode Deploy <6.0.1.13-6.2.1.1 - Info Disclosure
CVSS 4.3
CVE-2016-5306 MEDIUM
Symantec Endpoint Protection Manager < 12.1.6 - Exposure of Sensitive Information via Missing HSTS Enforcement
CVSS 5.3
CVE-2016-3651 HIGH
Symantec Endpoint Protection Manager <12.1 - Info Disclosure
CVSS 8.0
CVE-2016-3650 HIGH
Symantec Endpoint Protection Manager <12.1 - Info Disclosure
CVSS 8.8
CVE-2016-3649 MEDIUM
Symantec Endpoint Protection Manager <12.1 - Info Disclosure
CVSS 4.3
CVE-2016-3648 HIGH
Symantec Endpoint Protection Manager <12.1 - Auth Bypass
CVSS 8.8
CVE-2016-4474 HIGH
Red Hat OpenStack Platform 8.0 & RHEL OpenStack 7.0 - Default Root Password Exposure
CVSS 8.8
CVE-2016-5835 HIGH
WordPress < 4.5.2 - Exposure of Sensitive Revision-History Information via Post Reading
CVSS 7.5
CVE-2016-0298 MEDIUM
IBM Security Guardium Database Activity Monitor <10 - Path Traversal
CVSS 6.5
CVE-2016-0267 HIGH
IBM UrbanCode Deploy <6.0.1.13-6.2.1.1 - Info Disclosure
CVSS 7.7
CVE-2016-5244 HIGH
Fedora < 4.6.3 - Information Disclosure
CVSS 7.5
CVE-2016-5243 MEDIUM
Linux Kernel < 4.6.3 - Information Disclosure via TIPC Netlink Message Handling
CVSS 5.5
CVE-2016-0259 LOW
IBM WebSphere MQ <8.0.0.5 - Auth Bypass
CVSS 2.5
CVE-2016-1193 HIGH
Cybozu Garoon <4.2 - Info Disclosure
CVSS 7.5
CVE-2016-5722 HIGH
Huawei OceanStor V3 < V300R003C10 - Plaintext Session Token Exposure
CVSS 7.3
Details
Vulnerabilities 10,182
Exploit Likelihood High