CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-6727
MediaWiki < 1.23.10, 1.24.x < 1.24.3, 1.25.x < 1.25.2 - IP Autoblock Status Exposure
CVE-2015-6747
Basware Banking < 8.90.07 - Exposure of Sensitive Information via Private Key Access
CVE-2015-6746
Basware Banking < 8.90.07 - Plaintext Private Key Storage
CVE-2015-0943
Basware Banking < 8.90.07 - Exposure of Sensitive Information via Unencrypted Client-Server Communication
CVE-2015-5697
Linux kernel <4.1.6 - Info Disclosure
CVE-2015-5430
HP Matrix Operating Environment <7.5.0 - Info Disclosure
CVE-2015-5403
HP Systems Insight Manager <7.5.0 - Info Disclosure
CVE-2015-2139
HP Systems Insight Manager < 7.4 - Authenticated Exposure of Sensitive Information
CVE-2015-5411
HP Version Control Repository Manager < 7.4.0 - Authenticated Exposure of Sensitive Information
CVE-2015-6261
Cisco TelePresence VCS Expressway X8.5.2 - Sensitive Info Exposure via TFTP
CVE-2015-3269
Adobe LiveCycle Data Services <4.7 - XXE
CVE-2015-6661
Drupal 6.x < 6.37 and 7.x < 7.39 - Unauthenticated Sensitive Node Title Exposure via Menu
CVE-2015-3238 MEDIUM
Linux-PAM <1.2.1 - DoS/Info Disclosure
CVSS 6.5
CVE-2015-2018
IBM Integration Bus 9-10 & WebSphere Message Broker 7-8 - Sensitive Information Exposure
CVE-2015-4950
IBM Tivoli Storage Manager for Mail - Unauthorized Mailbox Access via Duplicate Alias
CVE-2015-6557
IBM Tivoli Storage FlashCopy Manager 3.1-3.1.1.4, 3.2-3.2.1.6, 4.1-4.1.1 Sensitive Info Exposure
CVE-2015-4949
IBM Tivoli Storage Manager <7.1.2 & FlashCopy Manager <4.1.2 - Cleartext Password Exposure
CVE-2015-1932
IBM Websphere Virtual Enterprise < 7.0.0.6 - Information Disclosure
CVE-2015-4537
EMC Documentum D2 < 4.4 - Authenticated Exposure of Sensitive Information via Hardcoded Lockbox Passphrase
CVE-2015-4536
EMC Documentum Content Server < 7.0 P20, 7.1 < P18, 7.2 < P02 - Sensitive Info Exposure via RPC Trace Log
CVE-2015-4320
Cisco TelePresence VCS Expressway X8.5.2 - Authenticated Sensitive Info Exposure via Config Log
CVE-2015-4314
Cisco TelePresence VCS Expressway X8.5.1 - Authenticated Sensitive Info Exposure via Snapshot
CVE-2015-5163
OpenStack Glance 2015.1.x < 2015.1.2 - Authenticated Arbitrary File Read via QCOW2 Backing File
CVE-2015-4308
Cisco Edge Bluebird Operating System 1.2 - Authenticated Sensitive Information Exposure via WebGUI Configuration Export
CVE-2015-5506
Apache Solr Real-Time <7.x-1.2 - Info Disclosure
Details
Vulnerabilities 10,190
Exploit Likelihood High