CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-6064
McAfee Web Gateway 7.3.0-7.3.2.8 and 7.4.x < 7.4.2 - Authenticated Exposure of Hashed User Passwords via Accounts Tab
CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.2_3 - User Enumeration via Login Request Timing
CVE-2014-5076
Labanquepostale < 3.2 - Information Disclosure
CVE-2014-3862
HL7 C-CDA < 1.1 - Information Disclosure via CDA.xsl IMG Element
CVE-2014-5128
iii Encore Discovery Solution 4.3 - Session Token Exposure in URI
CVE-2014-3351
Cisco Cloud Portal - Unauthenticated Exposure of Sensitive Information via NULL Session
CVE-2014-0600
Novell GroupWise - Arbitrary File Read and Write via FileUploadServlet poLibMaintenanceFileSave Parameter
CVE-2014-3575
Redhat Enterprise Linux Desktop < 4.1.1 - Information Disclosure
CVE-2014-3022
IBM WebSphere Application Server 7.0.x-7.0.0.33 8.0.x-8.0.0.9 8.5.x-8.5.5.3 - Information Disclosure via Crafted URL
CVE-2014-0965
IBM WebSphere Application Server 7.0.x-7.0.0.33 8.0.x-8.0.0.9 8.5.x-8.5.5.3 Sensitive Information Exposure
CVE-2014-3562
389 Directory Server - Exposure of Sensitive Replicated Metadata via Directory Search
CVE-2014-4750
IBM PowerVC Express Edition <1.2.0 - Info Disclosure
CVE-2014-2521
EMC Documentum Content Server <7.1 P07 - Info Disclosure
CVE-2014-4615
OpenStack PyCADF <0.5.0, Telemetry <2013.2.4, Neutron <2014.1.2, Ju...
CVE-2014-3341
Cisco NX-OS < 7.0(3)N1(1) - VLAN Enumeration via SNMP Error Message Discrepancy
CVE-2014-3087
IBM Business Process Manager 7.5-8.5.5 - Authenticated XML External Entity Injection via callService.do
CVE-2014-3081
IBM Global Console Manager <1.20.0.22575 Authenticated Arbitrary File Read via prodtest.php
CVE-2014-3508
OpenSSL 0.9.8-0.9.8za 1.0.0-1.0.0m 1.0.1-1.0.1h - Information Exposure via OBJ_obj2txt Pretty Printing
CVE-2014-4746
IBM WebSphere Portal <8.0.0.1 CF13-<8.5.0 CF01 - SSRF
CVE-2014-3076
IBM Business Process Manager 8.5-8.5.5 - Exposure of Sensitive Information via JSP Diagnostic Page
CVE-2014-3853
Pyplate 0.08 - Exposure of Sensitive Information via Insecure Cookie Transmission
CVE-2014-3852
Pyplate 0.08 - Exposure of Sensitive Information via Missing HTTPOnly Flag in Set-Cookie Header
CVE-2014-3851
Pyplate 0.08 - Exposure of Sensitive Information via World-Readable passwd.db
CVE-2014-3517
OpenStack Nova < 2013.2.4 - Instance ID Signature Exposure via Metadata Request Timing
CVE-2014-2356
Innominate mGuard <7.6.4-8.0.3 - Info Disclosure
Details
Vulnerabilities 10,195
Exploit Likelihood High