CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2014-8391
Sendio < 7.2.3 - Authenticated Session Information Exposure
CVE-2014-0999
Sendio < 7.2.3 - Session Identifier Exposure via Referrer HTTP Header
CVE-2014-6190
IBM Workload Deployer < 3.1.0.7 - Unauthenticated Sensitive Information Exposure via Log Viewer
CVE-2014-4776
IBM License Metric Tool <9.1.0.2 - Info Disclosure
CVE-2014-6211
IBM WebSphere Commerce <6.0.0.11, <7.0.0.9, <7.0 FP2 - Info Disclosure
CVE-2014-1900
Y-Cam Cameras - Unauthenticated Sensitive Information Exposure via /./ Path Bypass
CVE-2014-0919
IBM DB2 9.5-10.5 - Authenticated Exposure of Sensitive Information via Monitoring and Audit Facilities
CVE-2014-8111
Apache Tomcat Connectors < 1.2.40 - Exposure of Sensitive Information via JkUnmount Rule Bypass
CVE-2014-5405
Hospira MedNet < 5.8 and >= 6.1 - Authenticated Exposure of Sensitive Information via Hardcoded SQL Password
CVE-2014-5400
Hospira MedNet < 6.1 - Cleartext Credentials Exposure
CVE-2014-5427
Johnsoncontrols Metsys - Information Disclosure
CVE-2014-9712
Websense TRITON V-Series <7.8.3-7.8.4 - Info Disclosure
CVE-2014-8923
IBM Tivoli/Security Identity Manager <5.1.24/<6.0.14 - Info Disclosure
CVE-2014-6134
IBM Rational ClearCase 8.0.0-8.0.0.14 & 8.0.1-8.0.1.7 Sensitive Information Exposure via Password Retention
CVE-2014-6131
IBM Rational DOORS Next Generation - Authenticated Unauthorized Dashboard Access
CVE-2014-8112
389 Directory Server 1.3.1.x, 1.3.2.x < 1.3.2.27, 1.3.3.x < 1.3.3.9 - Sensitive Info Exposure via Changelog
CVE-2014-8105
389 Directory Server <1.3.2.27/1.3.3.x<1.3.3.9 - Unauthenticated Sensitive Info Exposure via Changelog
CVE-2014-8921
IBM Notes Traveler Companion <1.1 - Info Disclosure
CVE-2014-6115
IBM Rational Insight 1.1.1.5 - Unauthenticated Sensitive Information Exposure via Jazz Reporting Service Report URL
CVE-2014-4818
IBM Tivoli Storage Manager <6.4.3-7.1.2 - Info Disclosure
CVE-2014-8487
Kony Enterprise Mobile Management < 1.2 - Sensitive Information Exposure via Message/Request ID
CVE-2014-9423
MIT Kerberos 5 < 1.13.1 - Uninitialized Memory Exposure via svcauth_gss_accept_sec_context
CVE-2014-6304
PNMsoft Sequence Kinetics <7.7 - Info Disclosure
CVE-2014-6147
IBM Flex System Manager 1.1.x.x-1.3.2.0 - Exposure of Sensitive Information
CVE-2014-7883
HP Universal CMDB Probe 9.05, 10.01, 10.11 - Exposure of Sensitive Information via HTTP TRACE Method
Details
Vulnerabilities 10,191
Exploit Likelihood High