CWE-200
High likelihoodExposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,194 vulnerabilities with CWE-200
CVE-2014-5213
Novell eDirectory < 8.8 - Authenticated Sensitive Information Exposure via iMonitor Direct Request
CVE-2014-9408
Ekahau Activator, RTLS Controller, B4 Badge - Sensitive Info Exposure via RC4
CVE-2014-9355
Puppet Enterprise <3.7.1 - Info Disclosure
CVE-2014-6164
IBM Websphere Application Server - Information Disclosure
CVE-2014-6088
IBM Security Access Manager 7.x < 7.0.0 FP10 & 8.x < 8.0.1 - Sensitive Information Exposure via Null SSL Cipher
CVE-2014-6086
IBM Security Access Manager 8.x < 8.0.1 and 7.x < 7.0.0 FP10 - Sensitive Information Exposure via Unencrypted HTTP
CVE-2014-6083
IBM Security Access Manager 7.x < 7.0.0 FP10 & 8.x < 8.0.1 - Sensitive Cookie Exposure
CVE-2014-8553
MantisBT < 1.2.17 - Exposure of Sensitive Information via SOAP API
CVE-2014-9252
Zenoss Core < 5.0.0 - Unauthenticated Exposure of Sensitive Information via Session Database
CVE-2014-9250
Zenoss Core < 5.0.0 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag
CVE-2014-9247
Zenoss Core < 5.0.0 - Authenticated Exposure of Sensitive User Information via User Manager Page
CVE-2014-9245
Zenoss Core <= 5 Beta 3 - Information Disclosure via Product Rename Stack Trace
CVE-2014-6138
IBM WebSphere DataPower XC10 Appliance 2.1-2.5 - Authenticated Unauthorized Data Access
CVE-2014-6143
IBM WebSphere DataPower XC10 2.1/2.5 - Sensitive Information Exposure via Local Response Reading
CVE-2014-8372
VMware AirWatch < 7.3.3.0 - Authenticated Exposure of Sensitive Information via Direct Object Reference
CVE-2014-6114
IBM Operational Decision Manager - XML External Entity Injection in Hosted Transparent Decision Service
CVE-2014-6355
Microsoft Windows - Info Disclosure
CVE-2014-9162
Adobe Flash Player <13.0.0.259, <14.x-16.x - Info Disclosure
CVE-2014-8452
Adobe Acrobat Reader 10.x < 10.1.13 and 11.x < 11.0.10 - XML External Entity Injection
CVE-2014-8451
Adobe Acrobat and Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Information Exposure via JavaScript API
CVE-2014-8448
Adobe Acrobat and Reader 10.x-10.1.12 and 11.x-11.0.9 - Exposure of Sensitive Information via JavaScript API
CVE-2014-8009
Cisco Unified Computing System < 2.1(3f) - Sensitive Information Exposure via Log File Reading
CVE-2014-9361
LoginToboggan module <7.x-1.4 - Privilege Escalation
CVE-2014-9279
MantisBT 1.1.0a3-1.2.x - Unauthenticated Exposure of Sensitive Information via Hostname Parameter
CVE-2014-9303
EntryPass N5200 Active Network Control Panel - Unauthenticated Exposure of Sensitive Information via URL Character Range
Details
Vulnerabilities
10,194
Exploit Likelihood
High