CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-3056
IBM WebSphere Portal 7.x-8.0.0.1 CF12 - Information Disclosure via Unified Task List Portlet
CVE-2014-3050
IBM Rational Team Concert 3.x < 3.0.1.6 IF3 and 4.x < 4.0.7 - Credential Exposure via Build Engine
CVE-2014-3543
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - XXE in IMSCP Manifest Parser
CVE-2014-3542
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - XXE Injection via LTI
CVE-2014-3304
Cisco WebEx Meetings Server - Unauthenticated User Account Enumeration via OutlookAction Class
CVE-2014-3303
Cisco WebEx Meetings Server - Exposure of Sensitive Information via Query String
CVE-2014-5107
concrete5 < 5.6.3 - Unauthenticated Installation Path Exposure via Dashboard Endpoints
CVE-2014-4747
IBM Sametime <8.5.2.1 - Info Disclosure
CVE-2014-3301
Cisco WebEx Meetings Server < 1.5(1.131) - Exposure of Sensitive Information via Stack Trace
CVE-2014-4682
Siemens SIMATIC WinCC <7.3 - Info Disclosure
CVE-2014-4980
Tenable Web UI <2.3.5 - Info Disclosure
CVE-2014-3530
Red Hat JBoss Enterprise Application Platform - XML External Entity Injection in PicketLink DocumentUtil
CVE-2014-2519
EMC RecoverPoint Appliance <4.1.0.1 - Info Disclosure/DoS
CVE-2014-3064
IBM InfoSphere MDM Collaboration Server 10.x-11.x / Server for PIM 9.0-9.1 - Arbitrary File Read
CVE-2014-3045
IBM Scale Out Network Attached Storage < 1.4.3.2 - Local Password Exposure via chuser Command
CVE-2014-2368
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-2367
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-2366
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-4347
Citrix NetScaler <9.3-62.4, <10.1-126.12 - Info Disclosure
CVE-2014-4031
Aruba Networks ClearPass <6.3.4 - Info Disclosure
CVE-2014-4942
wp-easycart < 2.0.6 - Unauthenticated Sensitive Information Exposure via phpinfo.php
CVE-2014-3485
Red Hat Enterprise Virtualization 3.4 - Authenticated XML External Entity Injection
CVE-2014-0174
Red Hat Enterprise MRG 2.5 - Session Cookie Exposure via Missing HTTPOnly Flag
CVE-2014-4022
Xen 4.4.x - Exposure of Sensitive Information via GNTTABOP_setup_table Subhypercall
CVE-2014-2510
EMC Documentum Foundation Services - Authenticated XML External Entity Injection
Details
Vulnerabilities 10,195
Exploit Likelihood High