CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-1914
IBM Java 5.0.0.0-5.0.16.9 - Exposure of Sensitive Information via Java Virtual Machine Permission Bypass
CVE-2015-2141
Cryptopp Crypto++ Library - Information Disclosure
CVE-2015-1967
IBM WebSphere MQ - Exposure of Sensitive Information via Unencrypted MQ Explorer Session
CVE-2015-1951
IBM Maximo Asset Management 7.1-7.1.1.13, 7.5.0-7.5.0.8, 7.6.0-7.6.0.0 - Sensitive Info Exposure via HTTPS Caching
CVE-2015-1941
IBM Tivoli Storage Manager FastBack 6.1 - Unauthenticated Arbitrary File Read via Crafted TCP Packet
CVE-2015-4229
Cisco Unified Communications Domain Manager 8.1(4)ER1 - Exposure of Sensitive Information via bvsmweb URL
CVE-2015-1972
IBM Tivoli Security Directory Server 6.0-6.4 - Exposure of Sensitive Information via Crafted POST Request
CVE-2015-1901
IBM InfoSphere Information Server 8.5-11.3 - Exposure of Sensitive Information via Installer
CVE-2015-4217
Cisco Web, Email, and Security Management Virtual Appliances - Sensitive Information Exposure via Default SSH Keys
CVE-2015-4216
Cisco Web/Email/Security Management Virtual Appliance - Unauthenticated SSH Key Info Exposure
CVE-2015-1851
Canonical Ubuntu Linux < 2014.1.4 - Information Disclosure
CVE-2015-4219
Cisco ISE 1.0(4.573) & ACS <5.4(0.46.2) Sensitive Info Exposure via Support Bundle
CVE-2015-4218
Cisco Jabber <= 9.6(3) and 9.7 <= 9.7(5) - Exposure of Sensitive Information via GET Request
CVE-2015-4214
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) - Authenticated Cleartext Password Exposure via HTML Source Code
CVE-2015-4213
Cisco NX-OS 1.1(1g) - Authenticated Cleartext Password Exposure via Decryption Mechanism
CVE-2015-4212
Cisco WebEx Meeting Center - Exposure of Sensitive Information
CVE-2015-4208
Cisco WebEx Meeting Center - Exposure of Sensitive Information via URL Parameter
CVE-2015-4209
Cisco WebEx Meeting Center - Unauthorized Sensitive Information Exposure via Calendar Request
CVE-2015-4207
Cisco WebEx Meeting Center - Unauthenticated Sensitive Meeting Access Information Exposure
CVE-2015-3236
cURL & libcurl <7.43 - Info Disclosure
CVE-2015-3231
Drupal 7.x < 7.38 - Authenticated Exposure of Sensitive Information via Render Cache
CVE-2015-4202
Cisco IOS 12.2SCH - Exposure of Sensitive Information via IPDR Service
CVE-2015-4194
Cisco WebEx Meeting Center - Unauthenticated Sensitive Information Exposure via Login Error Messages
CVE-2015-3010
ceph-deploy < 1.5.23 - Unauthorized Exposure of Sensitive Information via Weak Keyring Permissions
CVE-2015-2804
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Session Hijacking via Weak Session ID
Details
Vulnerabilities 10,190
Exploit Likelihood High