CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,194 vulnerabilities with CWE-200
CVE-2014-5094
status2k - Unauthenticated Sensitive Information Exposure via phpinfo Action
CVE-2014-4440
Apple OS X <10.10 - Info Disclosure
CVE-2014-4439
Mail in Apple OS X <10.10 - Info Disclosure
CVE-2014-4426
Apple OS X <10.10 - Info Disclosure
CVE-2014-2064
Jenkins <1.551, <1.532.2 - Info Disclosure
CVE-2014-8315
SAP BusinessObjects Explorer 14.0.5 - Port Scanning via polestar_xml.jsp cms Parameter
CVE-2014-8309
SAP BusinessObjects 4.0 and XI R2/R3.1 - Username Enumeration via SecEnterprise Authentication Timing
CVE-2014-3680
Jenkins < 1.583 and LTS < 1.565.3 - Authenticated Sensitive Information Exposure via Parameterized Job DOM
CVE-2014-3667
Redhat Openshift < 3.1 - Information Disclosure
CVE-2014-3662
Jenkins < 1.583 and LTS < 1.565.3 - User Enumeration via Login Attempts
CVE-2014-1830
Requests <2.3.0 - Info Disclosure
CVE-2014-1829
Requests <2.3.0 - Info Disclosure
CVE-2014-1580
Mozilla Firefox <33.0 - Info Disclosure
CVE-2014-7284
Linux kernel 3.13.x-3.14.x - Info Disclosure
CVE-2014-1571
Bugzilla < 4.0.15, 4.1.x-4.2.x < 4.2.11, 4.3.x-4.4.x < 4.4.6, 4.5.x < 4.5.6 - Sensitive Info Exposure
CVE-2014-4874
BMC Track-It! 11.3.0.355 - Info Disclosure
CVE-2014-4761
IBM WebSphere Portal - Info Disclosure
CVE-2014-5270
Libgcrypt < 1.5.4 - Side-Channel Key Extraction via Voltage Analysis
CVE-2014-8068
Adobe Digital Editions 4 - Unencrypted Sensitive Data Transmission
CVE-2014-7231
OpenStack <2013.2.4 & <2014.1.3 - Info Disclosure
CVE-2014-7230
OpenStack <2013.2.4 & <2014.1.3 - Info Disclosure
CVE-2014-3641
OpenStack Cinder < 2014.1.3 - Authenticated Sensitive Information Exposure via Crafted qcow2 Header
CVE-2014-3400
Cisco WebEx Meetings Server - Authenticated Sensitive Information Exposure via Log Reading
CVE-2014-3398
Cisco Adaptive Security Appliance Software - Sensitive Information Exposure via SSL VPN Verbose Response
CVE-2014-3621
OpenStack Keystone <2013.2.3/2014.1<2014.1.2.1 Authenticated Sensitive Info Exposure
Details
Vulnerabilities 10,194
Exploit Likelihood High