CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2014-0912 MEDIUM
IBM Sterling B2B Integrator and Sterling File Gateway - Exposure of Sensitive Information via Error Page
CVSS 5.3
CVE-2014-6112 MEDIUM
IBM Security Identity Manager - Exposure of Sensitive Information via Weak SSL Ciphers
CVSS 5.9
CVE-2014-6109 MEDIUM
IBM Security Identity Manager - Authenticated Information Disclosure via LDAP Query
CVSS 5.3
CVE-2014-6108 MEDIUM
IBM Security Identity Manager Sensitive Information Exposure via Unencrypted Connection
CVSS 5.9
CVE-2014-4782 MEDIUM
IBM InfoSphere BigInsights 2.1.2 - Info Disclosure
CVSS 6.5
CVE-2014-10062 HIGH
Qualcomm Snapdragon Mobile and Wear Firmware - Unauthorized Data Connection Initiation via Exported LocationService
CVSS 7.5
CVE-2014-10055 HIGH
Qualcomm Snapdragon Mobile SD 400/800 Firmware - Sensitive Information Exposure via OCMEM xPU
CVSS 7.5
CVE-2014-10047 HIGH
Qualcomm SD 400 and SD 800 Firmware - Exposure of Sensitive Information via Full Disk Encryption Key Handling
CVSS 7.5
CVE-2014-1686 MEDIUM
MediaWiki 1.18.0 - Information Exposure via Thumbnail Creation
CVSS 5.3
CVE-2014-6309 HIGH
Kaazing Gateway <4.0.4 - Info Disclosure
CVSS 7.5
CVE-2014-2078 MEDIUM
Open-Xchange OX AppSuite <7.4.2-rev9 - Info Disclosure
CVSS 5.3
CVE-2014-2359 MEDIUM
OleumTech Wireless Sensor Network - Info Disclosure
CVSS 5.9
CVE-2014-5028 MEDIUM
Review Board 1.7.0-1.7.26 - Authenticated Exposure of Sensitive Information via Database ID
CVSS 6.5
CVE-2014-5132 MEDIUM
Avolve Software ProjectDox 8.1 - User Enumeration via Email Address
CVSS 4.3
CVE-2014-5131 MEDIUM
Avolve Software ProjectDox 8.1 - Authenticated Exposure of Sensitive Information via Ciphertext Reuse
CVSS 6.5
CVE-2014-5130 MEDIUM
Avolve Software ProjectDox 8.1 - Authenticated Exposure of Sensitive Information via Direct Access Token
CVSS 6.5
CVE-2014-5450 MEDIUM
Zarafa Collaboration Platform 4.1 - Unauthorized Sensitive Information Exposure via World-Readable License File
CVSS 5.5
CVE-2014-4024 MEDIUM
F5 BIG-IP <10.2.4 HF9, <11.2.1 HF12, <11.3.0 HF10, <11.4.0 HF8, <11...
CVSS 5.9
CVE-2014-2885 HIGH
TrueCrypt 7.1a - Integer Overflow in EncryptedIoQueue.c and Ntdriver.c
CVSS 7.1
CVE-2014-2884 LOW
TrueCrypt 7.1a - Local Information Disclosure via IOCTL Calls
CVSS 3.3
CVE-2014-6437 CRITICAL
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Sensitive Information Exposure via ROM File
CVSS 9.8
CVE-2014-5004 HIGH
brbackup 0.1.1 - Exposure of Sensitive Information via MySQL Command Line
CVSS 7.8
CVE-2014-5001 HIGH
Ksymfony1.rb <2.1.6 - Info Disclosure
CVSS 7.8
CVE-2014-5000 HIGH
lawn-login <0.0.7 - Info Disclosure
CVSS 7.8
CVE-2014-4999 HIGH
kajam 1.0.3.rc2 - Exposure of Sensitive Information via MySQL Command Line
CVSS 7.8
Details
Vulnerabilities 10,191
Exploit Likelihood High