CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-8095
Monster Menos <7.x-1.24 - Info Disclosure
CVE-2015-7940
Bouncy Castle Java <1.51 - Code Injection
CVE-2015-5730
WordPress < 4.2.4 - Timing Side-Channel Attack via Widget Instance Sanitization
CVE-2015-7412
IBM DataPower Gateways <7.2.0.1 - Info Disclosure
CVE-2015-5015
IBM WebSphere Commerce Enterprise < 7.0.0.9 and 8.x - Exposure of Sensitive Information via REST URL
CVE-2015-4940
Apache Ambari < 2.0.2 - Cleartext Password Exposure in Configuration File
CVE-2015-4928
Apache Ambari < 2.0.2 - Exposure of Sensitive Information via Cleartext Password Display
CVE-2015-1999
IBM Security QRadar Incident Forensics 7.2.x - Exposure of Sensitive Information via Session ID in URL
CVE-2015-1996
IBM QRadar Incident Forensics 7.2.x < 7.2.5 Patch 5 - Sensitive Information Exposure via HTTPS Caching
CVE-2015-1994
IBM QRadar Incident Forensics 7.2.x < 7.2.5 Patch 5 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVE-2015-8081
Field as Block <7.x-1.4 - Info Disclosure
CVE-2015-7763
OpenAFS <1.6.15-1.7.33 - Info Disclosure
CVE-2015-7762
OpenAFS <1.6.15 and 1.7.x <1.7.33 - Info Disclosure
CVE-2015-7195
Firefox < 41.0.2 - Exposure of Sensitive Information via Location Header Hostname Parsing
CVE-2015-7190
Firefox < 41.0.2 - Exposure of Sensitive Information via Search Feature Intent
CVE-2015-7186
Firefox < 41.0.2 - Same Origin Policy Bypass via file: URL in Saved HTML Document
CVE-2015-4515
Firefox < 41.0.2 - Hostname Information Exposure via NTLM v1 Authentication
CVE-2015-6355
Cisco Unified Computing System 2.2(5b)A - Information Disclosure via Web Interface
CVE-2015-8074
Android < 5.1.1 - Information Exposure in mediaserver
CVE-2015-6611
Android < 5.1.1 LMY48X and 6.0 < 2015-11-01 - Exposure of Sensitive Information in mediaserver
CVE-2015-6352
Cisco Unified Communications Domain Manager - Information Disclosure via Pathname Error Messages
CVE-2015-6344
Cisco ASA CX Context-Aware Security 9.3(4.1.11) - Authenticated Sensitive Information Exposure
CVE-2015-7859
Joomla! 3.2-3.4.4 - Unauthorized Sensitive Information Exposure via com_contenthistory Component
CVE-2015-7902
Mango Automation <2.6.0-430 - Info Disclosure
CVE-2015-7900
Infinite Automation Mango Automation <2.6.0-430 - Info Disclosure
Details
Vulnerabilities 10,190
Exploit Likelihood High