CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-9169 HIGH
Qualcomm Snapdragon Mobile and Wear Firmware - Exposure of Sensitive Information via QSEE App Buffer Over-Read
CVSS 7.5
CVE-2015-9163 HIGH
Qualcomm Multiple Chipsets Firmware - Exposure of Sensitive Information via PlayReady Function
CVSS 7.5
CVE-2015-9123 HIGH
Qualcomm MDM9206 and related firmware - Exposure of Sensitive Information via AES Key Zeroization Bypass
CVSS 7.5
CVE-2015-9119 HIGH
Qualcomm MDM9206 and Snapdragon Firmware - Exposure of Sensitive Information via QMI Response
CVSS 7.5
CVE-2015-0152 CRITICAL
D-Link DIR-815 Firmware < 2.07.b01 - Unauthenticated Sensitive Information Exposure via Cleartext Password Storage
CVSS 9.8
CVE-2015-1957 MEDIUM
IBM WebSphere MQ 7.5-7.5.0.5 & 8.0-8.0.0.2 - Sensitive Info Exposure via Cleartext Message Duplication
CVSS 5.3
CVE-2015-0172 HIGH
IBM Security SiteProtector System 3.0, 3.1.0, 3.1.1 - Exposure of Sensitive Information and Command Execution
CVSS 7.5
CVE-2015-5016 MEDIUM
IBM Maximo Asset Management 7.1, 7.5, 7.6 - Authenticated Exposure of Sensitive Information via Ticket Worklog Access
CVSS 4.3
CVE-2015-7434 HIGH
IBM Capacity Management Analytics <2.1.0.0 - Info Disclosure
CVSS 7.8
CVE-2015-7433 HIGH
IBM Capacity Management Analytics <2.1.0.0 - Info Disclosure
CVSS 7.8
CVE-2015-7432 HIGH
IBM Capacity Management Analytics 2.1.0.0 - Info Disclosure
CVSS 7.8
CVE-2015-7424 MEDIUM
IBM InfoSphere MDM - Collaborative Edition <11.6 - Auth Bypass
CVSS 4.3
CVE-2015-7401 MEDIUM
IBM Curam Social Program Management <6.1.1.1 - Auth Bypass
CVSS 4.3
CVE-2015-5045 LOW
IBM Rational License Key Server - Exposure of Sensitive Information via Administration and Reporting Tool
CVSS 3.3
CVE-2015-7449 LOW
IBM Rational <4.0.7-6.0.2 - Privilege Escalation
CVSS 3.3
CVE-2015-9256 MEDIUM
Datto ALTO and SIRIS Firmware - Unauthorized Sensitive Information Exposure via Restore Mount Points
CVSS 5.3
CVE-2015-9255 MEDIUM
Datto ALTO and SIRIS Firmware - Unauthenticated Sensitive Information Exposure via Web Virtual Directory
CVSS 5.3
CVE-2015-1418 HIGH
GNU patch <2.7.6 - Command Injection
CVSS 7.8
CVE-2015-2204 HIGH
Evergreen <2.5.9, 2.6.x<2.6.7, 2.7.x<2.7.4 - Sensitive Information Exposure
CVSS 7.5
CVE-2015-2203 MEDIUM
Evergreen 2.5.9, 2.6.7, 2.7.4 - Authenticated Exposure of Sensitive Settings History
CVSS 6.5
CVE-2015-7484 MEDIUM
IBM Rational Engineering Lifecycle Manager <4.0.7 - Info Disclosure
CVSS 4.3
CVE-2015-2298 HIGH
Etherpad 1.5.x - Exposure of Sensitive Information via PadID Export
CVSS 7.5
CVE-2015-8470 MEDIUM
Puppet Enterprise <3.7.x-2015.2.x - Info Disclosure
CVSS 6.5
CVE-2015-5173 HIGH
Cloud Foundry Runtime cf-release < 216 - Exposure of Sensitive Information via Password Recovery Email Referer Leakage
CVSS 8.8
CVE-2015-6668 HIGH
Job Manager < 0.7.24 - Unauthenticated Sensitive Information Exposure via CV File Brute Force
CVSS 7.5
Details
Vulnerabilities 10,186
Exploit Likelihood High