CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-0211
Moodle < 2.5.9, 2.6.x < 2.6.7, 2.7.x < 2.7.4, 2.8.x < 2.8.2 - Sensitive Information Exposure
CVE-2015-4138
Blue Coat SSL Visibility Appliance < 3.8.4 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVE-2015-2855
Blue Coat SSL Visibility Appliance < 3.8.4 - Sensitive Information Exposure via Unsecured Cookie
CVE-2015-0758
Cisco Unified MeetingPlace 8.6(1.9) - XML External Entity Injection via Web Interface
CVE-2015-0745
Cisco Headend Digital Broadband Delivery System - Exposure of Sensitive Information via HTTP Request Header
CVE-2015-4069
Arcserve Unified Data Protection < 5.0 - Exposure of Sensitive Credentials via SOAP Request
CVE-2015-3995
SAP HANA DB 1.00.73.00.389160 - Authenticated Arbitrary File Read via IMPORT FROM SQL Statement
CVE-2015-0757
Cisco Identity Services Engine 1.2(1.901)/1.3(0.722) Sensitive Information Exposure
CVE-2015-0200
IBM WebSphere Commerce 6.x-6.0.0.11 and 7.x < 7.0.0.8 IF2 - Unauthorized Sensitive Database Information Exposure
CVE-2015-2121
HP Network Virtualization 8.61 and 11.52 - Arbitrary File Read via HttpServlet or NetworkEditorController
CVE-2015-0170
IBM Security SiteProtector 3.0-3.1.1 - Sensitive Data Exposure via Cached Data
CVE-2015-1915
IBM Endpoint Manager for Remote Control 9.0.1-9.1.0 - Session Cookie Exposure via Missing Secure Flag
CVE-2015-1909
IBM InfoSphere Master Data Management Server - XML External Entity Injection in Reference Data Management XML Parser
CVE-2015-3912
Huawei E355s Mobile WiFi < 22.158.45.02.625 & WEBUI < 13.100.04.01.625 - Sensitive Info Exposure via Network Sniffing
CVE-2015-3999
Piriform CCleaner 3.26.0.1988-5.02.5101 - Unauthorized Sensitive Information Exposure via File Overwrite
CVE-2015-2718
Opensuse < 37.0.2 - Information Disclosure
CVE-2015-2711
Opensuse < 37.0.2 - Information Disclosure
CVE-2015-3092
Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Memory Cor...
CVE-2015-3091
Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Memory Cor...
CVE-2015-3058
Adobe Reader/Acrobat <10.1.14, <11.0.11 - Info Disclosure
CVE-2015-1716
Microsoft Windows Schannel - Information Disclosure via Weak Diffie-Hellman Ephemeral Key Lengths
CVE-2015-1692
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2015-1686
Microsoft VBScript/JScript <5.9 - Auth Bypass
CVE-2015-1684
Microsoft VBScript <5.9 - Auth Bypass
CVE-2015-1680
Microsoft Windows - Privilege Escalation
Details
Vulnerabilities 10,191
Exploit Likelihood High