CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-6052
Microsoft VBScript/JScript <5.8 - Auth Bypass
CVE-2015-6046
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2015-2556
Microsoft SharePoint Server 2007 SP3 and 2010 SP2 - XML External Entity Injection in InfoPath Forms Services
CVE-2015-6328
Cisco Prime Collaboration Assurance 10.5(1) - Authenticated Arbitrary File Read via Crafted URL
CVE-2015-5443
HP 3PAR Service Processor - Info Disclosure
CVE-2015-4547
RSA Web Threat Detection < 5.1 - Authenticated Sensitive Information Exposure via Cleartext AnnoDB Password
CVE-2015-4929
IBM License Metric Tool 9 - Authenticated Exposure of Sensitive Information via REST API
CVE-2015-7761
Mail in Apple OS X <10.11 - Info Disclosure
CVE-2015-5923
iPhone OS < 9.0.1 - Unauthenticated Exposure of Sensitive Information via Lock Screen
CVE-2015-5901
Apple OS X <10.11 - Info Disclosure
CVE-2015-5893
Apple OS X <10.11 - Info Disclosure
CVE-2015-5884
Mail in Apple OS X <10.11 - Info Disclosure
CVE-2015-5878
Apple OS X <10.11 - Info Disclosure
CVE-2015-5870
Apple OS X <10.11 - Info Disclosure
CVE-2015-5865
IOGraphics <10.11 - Info Disclosure
CVE-2015-5864
IOAudioFamily <10.11 - Info Disclosure
CVE-2015-5854
Apple OS X <10.11 - Info Disclosure
CVE-2015-5853
Apple OS X <10.11 - Info Disclosure
CVE-2015-5836
Apple OS X <10.11 - Info Disclosure
CVE-2015-7314
gollum < 4.0.1 - Unauthenticated Arbitrary File Read via Precious Module
CVE-2015-5024
IBM Emptoris Sourcing 10.0.2.0-10.0.2.7, 10.0.4.x - Authenticated Exposure of Sensitive Supplier-Bid Information
CVE-2015-5022
IBM B2B Advanced Communications 1.0.0.2-1.0.0.3 - Authenticated Exposure of Sensitive Information via Response Fields
CVE-2015-4965
IBM Maximo Asset Management 7.1-7.1.1.13, 7.5.0-7.5.0.8, 7.6.0-7.6.0.1 - Authenticated Sensitive Info Exposure
CVE-2015-1015
Omron CX-One CX-Programmer <9.6 - Info Disclosure
CVE-2015-0988
Omron CX-One CX-Programmer <9.6 - Info Disclosure
Details
Vulnerabilities 10,190
Exploit Likelihood High