CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,194 vulnerabilities with CWE-200
CVE-2014-5213
Novell eDirectory < 8.8 - Authenticated Sensitive Information Exposure via iMonitor Direct Request
CVE-2014-9408
Ekahau Activator, RTLS Controller, B4 Badge - Sensitive Info Exposure via RC4
CVE-2014-9355
Puppet Enterprise <3.7.1 - Info Disclosure
CVE-2014-6164
IBM Websphere Application Server - Information Disclosure
CVE-2014-6088
IBM Security Access Manager 7.x < 7.0.0 FP10 & 8.x < 8.0.1 - Sensitive Information Exposure via Null SSL Cipher
CVE-2014-6086
IBM Security Access Manager 8.x < 8.0.1 and 7.x < 7.0.0 FP10 - Sensitive Information Exposure via Unencrypted HTTP
CVE-2014-6083
IBM Security Access Manager 7.x < 7.0.0 FP10 & 8.x < 8.0.1 - Sensitive Cookie Exposure
CVE-2014-8553
MantisBT < 1.2.17 - Exposure of Sensitive Information via SOAP API
CVE-2014-9252
Zenoss Core < 5.0.0 - Unauthenticated Exposure of Sensitive Information via Session Database
CVE-2014-9250
Zenoss Core < 5.0.0 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag
CVE-2014-9247
Zenoss Core < 5.0.0 - Authenticated Exposure of Sensitive User Information via User Manager Page
CVE-2014-9245
Zenoss Core <= 5 Beta 3 - Information Disclosure via Product Rename Stack Trace
CVE-2014-6138
IBM WebSphere DataPower XC10 Appliance 2.1-2.5 - Authenticated Unauthorized Data Access
CVE-2014-6143
IBM WebSphere DataPower XC10 2.1/2.5 - Sensitive Information Exposure via Local Response Reading
CVE-2014-8372
VMware AirWatch < 7.3.3.0 - Authenticated Exposure of Sensitive Information via Direct Object Reference
CVE-2014-6114
IBM Operational Decision Manager - XML External Entity Injection in Hosted Transparent Decision Service
CVE-2014-6355
Microsoft Windows - Info Disclosure
CVE-2014-9162
Adobe Flash Player <13.0.0.259, <14.x-16.x - Info Disclosure
CVE-2014-8452
Adobe Acrobat Reader 10.x < 10.1.13 and 11.x < 11.0.10 - XML External Entity Injection
CVE-2014-8451
Adobe Acrobat and Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Information Exposure via JavaScript API
CVE-2014-8448
Adobe Acrobat and Reader 10.x-10.1.12 and 11.x-11.0.9 - Exposure of Sensitive Information via JavaScript API
CVE-2014-8009
Cisco Unified Computing System < 2.1(3f) - Sensitive Information Exposure via Log File Reading
CVE-2014-9361
LoginToboggan module <7.x-1.4 - Privilege Escalation
CVE-2014-9279
MantisBT 1.1.0a3-1.2.x - Unauthenticated Exposure of Sensitive Information via Hostname Parameter
CVE-2014-9303
EntryPass N5200 Active Network Control Panel - Unauthenticated Exposure of Sensitive Information via URL Character Range
Details
Vulnerabilities 10,194
Exploit Likelihood High