CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,194 vulnerabilities with CWE-200
CVE-2014-6622
Aruba Networks ClearPass <6.3.6, <6.4 - Info Disclosure
CVE-2014-6621
Aruba Networks ClearPass <6.3.6-6.4.1 - Info Disclosure
CVE-2014-4460
CFNetwork <8.1.1-10.10.1 - Info Disclosure
CVE-2014-4458
Apple OS X <10.10.1 - Info Disclosure
CVE-2014-4453
Apple iOS <8.1.1 & OS X <10.10.1 - Info Disclosure
CVE-2014-7992
Cisco DLSw Information Disclosure Scanner
CVE-2014-6107
IBM Security Identity Manager 6.x - Unauthenticated Sensitive Cookie Information Exposure via HTTP Session
CVE-2014-0059
Red Hat JBoss EAP <6.2.3 - Info Disclosure
CVE-2014-8566
mod_auth_mellon < 0.8.1 - Exposure of Sensitive Information via Session Overflow
CVE-2014-3502
Apache Cordova Android - Exposure of Sensitive Information via Crafted URI Scheme
CVE-2014-3707
Canonical Ubuntu Linux - Information Disclosure
CVE-2014-8476
FreeBSD 8.4-10.1-RC4 - Unauthorized Sensitive Information Exposure via setlogin Buffer
CVE-2014-8736
Open Atrium Core <7.x-2.22 - Auth Bypass
CVE-2014-8735
Bad Behavior module <6.x-2.2216 & <7.x-2.2216 - Info Disclosure
CVE-2014-8437
Adobe Flash Player < 13.0.0.252 and 14.x-15.x < 15.0.0.223 - Session Token Exposure
CVE-2014-6346
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2014-6345
Microsoft Internet Explorer <10 - Info Disclosure
CVE-2014-6340
Microsoft Internet Explorer - Info Disclosure
CVE-2014-6323
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2014-8709
Linux kernel <3.13.5 - Info Disclosure
CVE-2014-6146
IBM Sterling B2B Integrator 5.2.x-5.2.4 - Exposure of Sensitive Information via Log Files
CVE-2014-5038
Eucalyptus 3.0.0-4.0.1 - Unauthorized Sensitive Information Exposure via Debug Log
CVE-2014-5037
Eucalyptus 4.0.0-4.0.1 - Unauthorized Exposure of Sensitive Information via Cloud-Requests Log
CVE-2014-7988
Cisco Unity Connection < 10.5 - Authenticated Exposure of Sensitive Information via Unified Messaging Service Log Files
CVE-2014-8666
SAP Business Intelligence - Info Disclosure
Details
Vulnerabilities 10,194
Exploit Likelihood High