CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-0987 CRITICAL
Omron CX-One CX-Programmer <9.6 - Info Disclosure
CVSS 10.0
CVE-2015-7322
Pulse Connect Secure < 7.1R22.1, 7.4, 8.0 < 8.0R11, 8.1 < 8.1R3 - Meeting ID Enumeration
CVE-2015-2025
IBM WebSphere eXtreme Scale 7.1.0-7.1.0.2 and 7.1.1 - Unauthenticated Sensitive Information Exposure via Session Cookie
CVE-2015-1933
IBM Maximo Asset Management Password Field Autocomplete Exposure
CVE-2015-0143
IBM OpenPages GRC Platform 6.2-6.2.1.1 7.0-7.1 - Authenticated Sensitive Information Exposure via Error Messages
CVE-2015-5711
TIBCO Managed File Transfer Internet Server < 7.2.5 - Authenticated Sensitive Information Exposure via HTTP Request
CVE-2015-6474
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ - Cleartext Password Exposure via HTML Source Code
CVE-2015-6469
IBC Solar Danfoss TLX Pro+ and ServeMaster TLP+ - Unauthenticated Sensitive Information Exposure via Script Source Code
CVE-2015-4543
RSA Archer GRC 5.x < 5.5.3 - Authenticated Exposure of Sensitive Information via Cleartext Password Storage
CVE-2015-6303
Cisco Spark 2015-07-04 - Exposure of Sensitive Information via Improper Certificate Validation
CVE-2015-7327
Firefox < 40.0.3 - Unauthorized Sensitive Information Exposure via High Resolution Time API
CVE-2015-4519
Firefox < 41.0 - Unauthorized URL Exposure via Drag-and-Drop Image Action
CVE-2015-4503
Firefox < 40.0.3 - Information Disclosure via TCP Socket API
CVE-2015-6940
Pentaho Business Analytics and Data Integration - Exposure of Sensitive Information via GetResource Servlet
CVE-2015-6679
Adobe Flash Player < 18.0.0.241 and 19.x < 19.0.0.185 - Same Origin Policy Bypass and Information Disclosure
CVE-2015-5576
Adobe Flash Player <18.0.0.241-11.2.202.521 - Memory Corruption
CVE-2015-5572
Adobe Flash Player <18.0.0.241-11.2.202.521 - Auth Bypass
CVE-2015-5571
Adobe Flash Player <18.0.0.241-19.0.0.185 - CSRF
CVE-2015-7305
Scald 7.x-1.x < 7.x-1.5 - Unauthorized Sensitive Information Exposure via Debug Context
CVE-2015-5921
iPhone OS < 8.4.1 - Sensitive Information Exposure via Content-Disposition Header Mishandling
CVE-2015-5916
watchOS < 2.0.0 and iPhone OS < 8.4.1 - Unauthorized Exposure of Recent Transaction Information via Apple Pay
CVE-2015-5910
Apple Xcode < 6.4 - Unauthenticated Sensitive Information Exposure via Unencrypted Server Traffic
CVE-2015-5909
Xcode < 7.0 - Unauthenticated Exposure of Sensitive Build Information via Repository Email Lists
CVE-2015-5906
iPhone OS < 8.4.1 - Password Character Exposure via QuickType Prediction
CVE-2015-5898
Apple iOS < 9 - Exposure of Sensitive Information via CFNetwork Cache Encryption Key
Details
Vulnerabilities 10,190
Exploit Likelihood High