CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-3621
OpenStack Keystone <2013.2.3/2014.1<2014.1.2.1 Authenticated Sensitive Info Exposure
CVE-2014-4765
IBM Maximo Asset Mgmt <7.5.0.6 - Info Disclosure
CVE-2014-3105
IBM Rational ClearQuest 7.1-8.0.1 - Unauthenticated User Enumeration via OSLC Login Error Messages
CVE-2014-3103
IBM Rational ClearQuest 7.1-8.0.1 - Session Cookie Exposure via Missing Secure Flag
CVE-2014-5320
Bump - Unauthorized Sensitive Information Exposure via Implicit Intent Handling
CVE-2014-4403
Apple OS X <10.9.5 - Info Disclosure
CVE-2014-4826
IBM Security QRadar SIEM <7.2.3 - Info Disclosure
CVE-2014-4819
IBM WebSphere Message Broker <8.0.0.6 & IBM Integration Bus <9.0.0....
CVE-2014-4409
iPhone OS < 7.1.2 - Unauthorized Data Exposure via HTML5 Application Cache
CVE-2014-4407 LOW
Apple tvOS < 6.2 - Unauthorized Memory Content Exposure via IOKit Function Calls
CVSS 3.3
CVE-2014-4362
iPhone OS < 7.1.2 - Unauthorized Apple ID Information Exposure via Sandbox Profile
CVE-2014-4361
iPhone OS < 7.1.2 - Unauthorized Sensitive Information Exposure via Home & Lock Screen API
CVE-2014-4357
Apple tvOS < 6.2 and iPhone OS < 7.1.2 - Unauthorized Sensitive Information Exposure via Log Data
CVE-2014-4356
iPhone OS < 7.1.2 - Unauthorized Sensitive Information Exposure via Lock Screen Text-Message Preview
CVE-2014-3077
IBM Storwize V7000 Unified 1.3.x-1.4.3.3 - Exposure of Sensitive Information in Audit Log
CVE-2014-2377
Ecava IntegraXor SCADA Server <4.1.4360 - Info Disclosure
CVE-2014-2009
mpay24 < 1.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request to API Log
CVE-2014-3092
IBM Rational Doors Next Generation & Rational Engineering Lifecycle Manager - Session Cookie Exposure
CVE-2014-0909
IBM Rational License Key Server 8.1.4.x < 8.1.4.4 - Session Cookie Exposure via Insecure Flag
CVE-2014-0153
oVirt < 3.4.0 - Exposure of Sensitive Information via HTML5 Local Storage
CVE-2014-4863
Arris Touchstone DG950A <7.10.131 - Info Disclosure
CVE-2014-4862
Netmaster CBW700N - Info Disclosure
CVE-2014-5036
Eucalyptus 3.4.2-4.0.x - Exposure of Sensitive Information in Storage Controller Logs
CVE-2014-5377
ManageEngine DeviceExpert < 5.9 - Unauthenticated Exposure of Sensitive Information via ReadUsersFromMasterServlet
CVE-2014-4805
IBM DB2 10.5 - Exposure of Sensitive Information via Temporary Files in CDE Table LOAD Operations
Details
Vulnerabilities 10,195
Exploit Likelihood High