CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-1089
macOS < 10.10.3 and iOS < 8.3 - Same Origin Policy Bypass via CFNetwork Cookie Handling
CVE-2015-3030
McAfee MATD <3.4.4.63 - Info Disclosure
CVE-2015-1602
Siemens SIMATIC STEP 7 (TIA Portal) <13 SP1 Upd1 - Info Disclosure
CVE-2015-1890
IBM General Parallel File System 4.1 - Exposure of Sensitive Information via gpfs.snap Archive
CVE-2015-0777
Xen - Information Exposure via Uninitialized Memory in usbback Driver
CVE-2015-0992
Inductive Automation Ignition 7.7.2 - Info Disclosure
CVE-2015-0991
Inductive Automation Ignition 7.7.2 - Info Disclosure
CVE-2015-0902
Semper Fi All in One SEO Pack < 2.2.5.1 - Exposure of Sensitive Information via Meta Description Field
CVE-2015-0683
Cisco Unified Communications Domain Manager 8.1(4) - Authenticated Sensitive Information Exposure via File Inclusion
CVE-2015-2817
SAP NetWeaver 7.40 - Exposure of Sensitive Information via ReadProfile Parameters
CVE-2015-0800
Firefox < 36.0.4 - DNS Spoofing via Predictable PRNG in DNS Resolver
CVE-2015-2809
Synology DiskStation Manager < 3.1 - Information Disclosure via mDNS Responder
CVE-2015-1892
IBM Security Access Manager for Web 7.x < 7.0.0.12 and 8.x < 8.0.1.1 - Information Exposure via mDNS Responder
CVE-2015-2108
HP Operations Orchestration 9.x-10.x - Authenticated Exposure of Sensitive Information
CVE-2015-0999
Schneider Electric InduSoft Web Studio <7.1.3.4 - Info Disclosure
CVE-2015-0998
Schneider Electric InduSoft Web Studio <7.1.3.4 - Info Disclosure
CVE-2015-0997
Schneider Electric InduSoft Web Studio <7.1.3.4 - Info Disclosure
CVE-2015-0996
Schneider Electric InduSoft Web Studio <7.1.3.4 SP3 Patch 4 - Info ...
CVE-2015-0680
Cisco Unified Call Manager 9.1(2.1000.28) - Authenticated Arbitrary File Read
CVE-2015-2771
Websense TRITON AP-EMAIL and V-Series < 8.0.0 - Plaintext Credential Exposure
CVE-2015-2762
Websense TRITON AP-WEB < 7.8.3 - Windows Domain User Account Enumeration via HTTP Authentication
CVE-2015-2157
Debian Linux - Information Disclosure
CVE-2015-2748
Websense TRITON AP-WEB < 8.0.0 - Unauthenticated Exposure of Sensitive Information via Direct Request
CVE-2015-0673
Cisco Mobility Services Engine 8.0(110.0) - Authenticated Sensitive Information Exposure via Log Files or GUI
CVE-2015-0527
EMC Documentum xCelerated Management System 1.1 - Cleartext Credential Exposure in Batch File
Details
Vulnerabilities 10,191
Exploit Likelihood High