CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-0628
Cisco Web Security Appliance - Exposure of Sensitive Information via Malformed HTTP Method
CVE-2015-1618
McAfee DLPe <9.3.400 - Info Disclosure
CVE-2015-1613
RhodeCode Enterprise < 2.2.6 - Authenticated Sensitive Information Exposure via API Methods
CVE-2015-0260
Kallithea < 0.2 and RhodeCode < 2.2.7 - Authenticated Exposure of Sensitive Information via get_repo API
CVE-2015-0875
Ogaki Kyoritsu Bank Smartphone Passbook 1.0.0 - Unauthenticated Exposure of Sensitive Information via Log File
CVE-2015-0519
EMC Captiva Capture 7.0-7.1 - Exposure of Sensitive Information via DAL Log File
CVE-2015-0517
EMC Documentum D2 3.1-SP1, 4.0-4.1 P21, 4.2 P10 - Authenticated Sensitive Information Exposure via D2-API Log Files
CVE-2015-0255
X.Org Server < 1.16.3 and 1.17.x < 1.17.1 - Exposure of Sensitive Information via XkbSetGeometry Request
CVE-2015-0070
Microsoft Internet Explorer 6-11 - Cross-domain Information Disclosure via Crafted Web Site
CVE-2015-0061
Microsoft Windows - Information Disclosure via TIFF Image Processing
CVE-2015-0602
Cisco Unified IP 9900 Series Firmware < 9.4(1) - Exposure of Sensitive Information via Mobility Extension
CVE-2015-1482
Ansible Tower < 2.0.4 - Unauthenticated Sensitive Information Exposure via WebSocket Connection
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus <9.0 build 9031 - Info Disclosure
CVE-2015-1457
Fortinet FortiAuthenticator 3.0.0 - Info Disclosure
CVE-2015-1456
Fortinet FortiAuthenticator 3.0.0 - Info Disclosure
CVE-2015-1357
Siemens Ruggedcom - Info Disclosure
CVE-2015-0597
Cisco WebEx Meetings Server < 1.5(.1.131) - Administrative Account Enumeration via Forgot Password Feature
CVE-2015-0595
Cisco WebEx Meetings Server < 1.5(1.131) - Exposure of Sensitive Information via XMLAPI GET Request
CVE-2015-0236
Mageia < 1.2.11 - Information Disclosure
CVE-2015-1308
kde-workspace <5.1.95 - Info Disclosure
CVE-2015-0310 HIGH KEV
Adobe Flash Player < 11.2.202.438 - Memory Address Exposure via ASLR Bypass
CVSS 7.8
CVE-2015-1306
Sympa <6.0.10, <6.1.24 - Info Disclosure
CVE-2015-0514
EMC Watch4Net < 6.5 and ViPR SRM < 3.6.0 - Unauthorized Exposure of Sensitive Credentials
CVE-2015-0590
Cisco WebEx Meeting Center - Unauthorized Sensitive Information Exposure via Crafted Meeting Parameters
CVE-2015-0583
Cisco WebEx Meeting Center - Exposure of Sensitive Information via File URI Handling
Details
Vulnerabilities 10,191
Exploit Likelihood High